Solved: Cisco ASA via ASDM using NAT RULES

cemrecanaltinel · ‎12-21-2023

Hi everyone,

this is my scenario,how can I do that over cisco Asdm gui or cli,Could you help me please?;

-I want to route the packets coming from the 10.120.0.0/16 ip my source vlan eca to the 10.150.11.4/32 and 10.160.11.5/32 ip to the 172.10.10.1/24.In fortigate that name is Policy Based Roting,ın cisco Should I nat rules and acl for that.I mean I want packets originating from the 10.120.0.0/16 block and going to 10.150.11.4 and 10.150.11.5 to be directed to VLAN 172.10.10.1/24 when they reach the firewall. How can I do this, especially through the GUI? Can you help me please?"

MHM Cisco World · ‎12-21-2023

https://mo-nirul.blogspot.com/2021/06/cisco-asa-policy-based-routing-asdm.html?m=1

This more simple and show you exact steps to follow

MHM

View solution in original post

balaji.bandi · ‎12-21-2023

In fortigate that name is Policy Based Roting - if this is requirement then - You can also do PBR on ASA if the code you have 9.4 onwards that supports.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

cemrecanaltinel · ‎12-21-2023

thank you for your answer ,I am looking the document for my problem solution but I could not understand route map working princible

MHM Cisco World · ‎12-21-2023

10.120.0.0/16 ip my source vlan eca to the 10.150.11.4/32

and 10.160.11.5/32 ip to the 172.10.10.1/24.

1-use two pbr to direct taffic

2-use acl to allow traffic between interface

3-you dont need NAT since all subnet is private.

https://edledge.com/ea00139/

MHM

cemrecanaltinel · ‎12-21-2023

Which sentences do ı use for my source interface,destination interface and forward traffic address for example at the below fortigate pbr picture everyrhing is clear but I can not understadn exactly on cisco asdm route map

MHM Cisco World · ‎12-21-2023

https://mo-nirul.blogspot.com/2021/06/cisco-asa-policy-based-routing-asdm.html?m=1

This more simple and show you exact steps to follow

MHM

cemrecanaltinel · ‎12-22-2023

ye that s so useful for me I got the idea.thanks a lot

Rob Ingram · ‎12-21-2023

@cemrecanaltinel do you mean you want traffic originally sourced from 10.120.0.0/16 translated to 172.10.10.1 when the destination is either 10.150.11.4 or 10.150.11.5? You can do this with NAT.

Example:-

nat (inside,outside) source dynamic REAL-SRC TRANSLATED-SRC destination static REMOTE1 REMOTE1
nat (inside,outside) source dynamic REAL-SRC TRANSLATED-SRC destination static REMOTE2 REMOTE2

Just create network objects to reflect the REAL-SRC (10.120.0.0/16), TRANSLATED-SRC (172.10.10.1), REMOTE1 (10.150.11.4) and REMOTE2 (10.150.11.5).

cemrecanaltinel · ‎12-22-2023

Yes exactly ,ı want to that ,so I am confused,Do I use nat rules and pbr ,which one is better for my problem

Rob Ingram · ‎12-22-2023

@cemrecanaltinel ok, then use NAT (as per the example) to change the source address when going to those destination addresses.