Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
311
Views
0
Helpful
4
Replies

Destination NAT

Go to solution
arumugasamy
Level 1
Level 1

‎12-06-2015 12:04 PM - edited ‎03-12-2019 12:00 AM

Team,

One of the customer wants to implement the below scnarios. I need to give them the configuration.

Inside network  source 192.168.100.1 App svr when accessing the outside destination mail svr 192.168.1.112 (This IP can not removed from the svr 192.168.100.1 code). the destination ip 192.168.1.112 should be translated to 192.168.1.134.Real mail server 192.168.1.112 will be removed from the network and its place to be installed 192.168.1.134.Since the server ip 192.168.1.112 is not removed from 192.168.100.1 App server code,we need to map the dest IP 192.168.1.112 to 192.168.1.134.

SOURCE-192.168.100.1 - DESTINATION- 192.168.1.112 -THEN AGAIN 192.168.1.134.

ASA 8.2.5 image on ASA 5520.

Pls help me with the script

Thx

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Akshay Rastogi
Cisco Employee
Cisco Employee

‎12-07-2015 02:11 AM

Hi,

Please use the statement like below:

"static (outside,inside) 192.168.1.112 192.168.1.134"

This above statement says that if anybody from inside would try to access 1.112 then it traffic would be redirected to 1.134 on Outside interface

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Akshay Rastogi
Cisco Employee
Cisco Employee

‎12-07-2015 02:11 AM

Hi,

Please use the statement like below:

"static (outside,inside) 192.168.1.112 192.168.1.134"

This above statement says that if anybody from inside would try to access 1.112 then it traffic would be redirected to 1.134 on Outside interface

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

0 Helpful

Go to solution
arumugasamy
Level 1
Level 1
In response to Akshay Rastogi

‎12-08-2015 05:45 AM

Dear Akshay,

Thanks for your great help. This is the correct one I expected. I verified in GNS3 and confirmed it.

In real setup there are 2 mail servers .112,.134 and 2 Apps servers 2.20,2.21.

So I created the access-list "

access-list NAT ext permit ip host 192.168.1.134 host 10.0.2.20

ccess-list NAT ext permit ip host 192.168.1.134 host 10.0.2.21

Static (outside,inside) 192.168.1.112 access-list NAT

APP1_R1# ping 192.168.1.112 

reply received after shutdown MAIL1_112_R3 interface fa0/0 (192.168.1.112)

Thanks a lot

0 Helpful

Go to solution
Akshay Rastogi
Cisco Employee
Cisco Employee
In response to arumugasamy

‎12-08-2015 06:49 AM

Hi,

I am glad it worked.

Regards,

Akshay Rastogi

0 Helpful

Go to solution
arumugasamy
Level 1
Level 1
In response to Akshay Rastogi

‎12-08-2015 08:45 PM

Yes, Dear Akshay,

Thanks a lot for your timely help and support

Swami

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card