Cisco ASA & NAT for UDP

RS19 · ‎02-26-2020

I have a application behind Cisco ASA & the application uses UDP.

The client connects to the application using UDP port & there is 2 ASA firewall between the client & the application server.

ASA 1 does the source NAT

ASA 2 does the destination NAT

Let me know if UDP traffic works with NAT & it not what is the alternate or work around ?

Mohammed al Baqari · ‎02-26-2020

generally speaking yes unless the application has something in the payload
to check the source IP then it will fail.

**** please remember to rate useful posts

RS19 · ‎02-26-2020

thanks.

You mean to say NAT can be used for UDP traffic. Let me know if my understanding is right.

The only thing I need to check is if the application looks for the original IP address in the payload ?

If it does not look for the source IP in the payload then it should work.

If you have any doc or link as reference please share.

RS19 · ‎03-01-2020

Any input

Cristian Matei · ‎03-10-2020

Hi,

Yes, it's supported and it's gonna work for 99.9% of the cases. What is the application you are running over UDP? Here's some samples for object NAT, you will be using UDP service instead of TCP service:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html

Regards,

Cristian Matei.