12-25-2016 03:49 PM - edited 03-12-2019 01:42 AM
I want to achieve this:
When user from Inside subnet goes to the IP 46.253.96.18 I want him to redirect to the IP 195.113.165.19
I have got this
object network SPSE
host 195.113.165.19
object network webmail
host 46.253.96.18
nat (DMZ,outside) source static any any destination static webmail SPSE
The end result is that neither page works.
Solved! Go to Solution.
12-25-2016 11:09 PM
The config looks good. Could you please run a packet-tracer command and share the result. I believe that the issue is because we need a public ip mapping for the source while going to internet.
Try below:
nat (DMZ,outside) source dynamic any interface destination static webmail SPSE
-
AJ
12-26-2016 10:49 AM
Well, that should work if we have another NAT statement something like below:
nat (DMZ,outside) source dynamic any interface destination static x x
where x would be the ip address of the destination which you need to access. You need the real ip address here.
Let me know if it helps.
HTH
-
AJ
12-25-2016 09:44 PM
Hi,
#object network MyDMZinside
#subnet 10.10.10.0 255.255.255.0
#object network 195_113_IP
#host 195.113.165.19
#object network 46_253_IP
#host 46.253.96.18
#nat (dmz,outside) source dynamic MyDMZinside 195_113_IP dynamic static 46_253_IP 46_253_IP
(10.10.10.0 255.255.255.0 ) ----------> ( Change as 195.113.165.19)------> (when goes to 46.253.96.18)
Rate if this helps you.
Thanks ,
Mani
12-25-2016 11:09 PM
The config looks good. Could you please run a packet-tracer command and share the result. I believe that the issue is because we need a public ip mapping for the source while going to internet.
Try below:
nat (DMZ,outside) source dynamic any interface destination static webmail SPSE
-
AJ
12-26-2016 10:26 AM
so the forwarding works, but I cannot go to the "allowed page directly" is there any way around?
12-26-2016 10:49 AM
Well, that should work if we have another NAT statement something like below:
nat (DMZ,outside) source dynamic any interface destination static x x
where x would be the ip address of the destination which you need to access. You need the real ip address here.
Let me know if it helps.
HTH
-
AJ
12-26-2016 01:05 PM
THX it works. Is there any article which would explain this topic. I'm not really sure between the difference of NAT in global config compared to under an object network.
12-26-2016 10:06 PM
Hello,
You can go through below links to understand the difference between manual and auto NAT. Manual (twice) NAT is basically policy nat version of 8.2 code. Also, please read about the order of preference which would make things simpler for you.
Let me know if there are any questions:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_objects.html
HTH
-
AJ
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide