Dynamic nat outside to inside?
10-19-2012 02:40 AM - edited 03-11-2019 05:11 PM
Hi Team,
I have just been asked to do dynamic NAT from outside to inside, and I need a little help with how to accomplish this.
(10.10.10.0/24) My Network-A------FirewallInside-----ASAFirewall-------FirewallOutside------Client (172.10.0.0/22)
What we want is that when a client accesses my network 10.10.10.0/24 from outside with source 172.10.0.0/22, the source changes to 10.75.0.0/23 and then hits 10.10.10.0/24, and we want to do it as a dynamic NAT.
How can I accomplish this?
Can I do
nat (outside ) 1 172.10.0.0 255.255.252.0
global (inside) 1 10.75.0.0 255.255.254.0
Is this the correct way to do it?
I appreciate any suggestions.
- Labels: NGFW Firewalls
10-19-2012 02:45 AM
Hi,
I think you need to alter your configuration a bit.
You would need
nat (outside ) 10 172.10.0.0 255.255.252.0
global (inside) 10 10.75.0.0-10.75.1.253
global (inside) 10 10.75.1.254
The first global statement uses a pool of NAT addresses.
The second global statement uses a PAT address for when/if the pool runs out.
EDIT: I edited the NAT IDs. I'm not sure if it would have mattered but just to differentiate it from default NAT configurations (presuming you are using ID 1 for them)
- Jouni
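The pool-then-PAT fallback described in the answer above, sized for this thread's addresses, as an added example that is not part of the original posts and is not Cisco code. It is a simplified model that assumes every address in the pool range is usable and that translations never time out; the function names are hypothetical.

```python
import ipaddress

def expand_range(first, last):
    """Every address in an inclusive first-last range, as written in a 'global' pool."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if hi < lo:
        raise ValueError("pool range is reversed")
    return [ipaddress.IPv4Address(i) for i in range(lo, hi + 1)]

def simulate(clients, pool, pat_address):
    """Simplified model: each new source takes the next free pool address (1:1);
    once the pool is exhausted, every further source shares the PAT address."""
    free = iter(pool)
    xlate = {}
    for src in clients:
        if src not in xlate:
            xlate[src] = next(free, pat_address)
    return xlate

def summarize(xlate, pat_address):
    """Count sources with their own pool address versus sources sharing PAT."""
    one_to_one = sum(1 for mapped in xlate.values() if mapped != pat_address)
    return {"one_to_one": one_to_one, "pat": len(xlate) - one_to_one}

# Values taken from the thread.
CLIENT_NET = ipaddress.ip_network("172.10.0.0/22")
POOL = expand_range("10.75.0.0", "10.75.1.253")
PAT = ipaddress.IPv4Address("10.75.1.254")

def worst_case():
    """All usable hosts of the client subnet connect at the same time."""
    return summarize(simulate(list(CLIENT_NET.hosts()), POOL, PAT), PAT)

if __name__ == "__main__":
    print("client hosts :", CLIENT_NET.num_addresses - 2)
    print("pool size    :", len(POOL))
    print("worst case   :", worst_case())
```

Sources that fall back to PAT all appear on the inside as 10.75.1.254, so attributing one of those connections to a specific client requires the firewall's translation records, not just the source address seen by the inside hosts.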
10-19-2012 03:03 AM
On the other hand though,
If the VPN users have to get access to the Internet through the VPN connection (VPN Client has been configured as full tunnel), it would of course be nice to use the same NAT ID that you have also configured for your LAN -> Internet PAT translations.
