cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

299
Views
0
Helpful
2
Replies
Highlighted
Beginner

Dynamic nat outside to inside?

Hi Team.

i am just asked to do dynamic nat from outside to inside, i need little help how to accomplish this.

(10.10.10.0/24)My Network-A------FirewallIInside-----ASAFirewall-------FirewallOutside------Client (172.10.0.0/22)

What we want is when client access my network 10.10.10.0/24 from outside as source 172.10.0.0/22 , the source changes to 10.75.0.0/23 and then hit 10.10.10.0/24) and we want to do it like a dynamic nat.

How can i accomplish this?

can i do

nat (outside ) 1 172.10.0.0 255.255.252.0

global (inside) 1 10.75.0.0 255.255.254.0

is it correct way to do this??

Appreciate any suggestions.

2 REPLIES 2
Highlighted
Mentor

Hi,

I think you need to alter you configuration abit

You would need

nat (outside ) 10 172.10.0.0 255.255.252.0

global (inside) 10 10.75.0.0-10.75.1.253

global (inside) 10 10.75.1.254

The first global statement uses a pool of NAT address.

The second global statement uses PAT address for/if the pool runs out.

EDIT: I edited the NAT IDs. I'm not sure if it would have mattered but just to differentiate it from default NAT configurations (presuming you are using ID 1 for them)

- Jouni

Highlighted

On the other hand though,

If the VPN users have to get access to Internet through the VPN connection (VPN Client has been configure as full tunnel) it would ofcourse be nice to use the same NAT ID that you have also configured for your LAN -> Internet PAT translations.

Content for Community-Ad