Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
472
Views
0
Helpful
6
Replies

Forward outgoing traffic

Go to solution
filip00011
Level 1
Level 1

‎12-25-2016 03:49 PM - edited ‎03-12-2019 01:42 AM

I want to achieve this:

When user from Inside subnet  goes to the IP 46.253.96.18 I want him to redirect to the IP  195.113.165.19

I have got this

object network SPSE
host 195.113.165.19
object network webmail
host 46.253.96.18

nat (DMZ,outside) source static any any destination static webmail SPSE

The end result is that neither page works.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Ajay Saini
Level 7
Level 7

‎12-25-2016 11:09 PM

The config looks good. Could you please run a packet-tracer command and share the result. I believe that the issue is because we need a public ip mapping for the source while going to internet.

Try below:

nat (DMZ,outside) source dynamic any interface destination static webmail SPSE

-

AJ

View solution in original post

0 Helpful

Go to solution
Ajay Saini
Level 7
Level 7
In response to filip00011

‎12-26-2016 10:49 AM

Well, that should work if we have another NAT statement something like below:

nat (DMZ,outside) source dynamic any interface destination static x x

where x would be the ip address of the destination which you need to access. You need the real ip address here.

Let me know if it helps.

HTH
-

AJ

View solution in original post

0 Helpful
6 Replies 6

Go to solution
MANI .P
Level 1
Level 1

‎12-25-2016 09:44 PM

Hi,

#object network MyDMZinside

#subnet 10.10.10.0 255.255.255.0

#object network 195_113_IP

#host 195.113.165.19

#object network 46_253_IP

#host 46.253.96.18

#nat (dmz,outside) source  dynamic MyDMZinside 195_113_IP dynamic static 46_253_IP 46_253_IP

(10.10.10.0 255.255.255.0 ) ----------> ( Change as 195.113.165.19)------> (when goes to 46.253.96.18)

Rate if this helps you.

Thanks ,

Mani

0 Helpful

Go to solution
Ajay Saini
Level 7
Level 7

‎12-25-2016 11:09 PM

The config looks good. Could you please run a packet-tracer command and share the result. I believe that the issue is because we need a public ip mapping for the source while going to internet.

Try below:

nat (DMZ,outside) source dynamic any interface destination static webmail SPSE

-

AJ

0 Helpful

Go to solution
filip00011
Level 1
Level 1
In response to Ajay Saini

‎12-26-2016 10:26 AM

so the forwarding works, but I cannot go to the "allowed page directly" is there any way around?

0 Helpful

Go to solution
Ajay Saini
Level 7
Level 7
In response to filip00011

‎12-26-2016 10:49 AM

Well, that should work if we have another NAT statement something like below:

nat (DMZ,outside) source dynamic any interface destination static x x

where x would be the ip address of the destination which you need to access. You need the real ip address here.

Let me know if it helps.

HTH
-

AJ

0 Helpful

Go to solution
filip00011
Level 1
Level 1
In response to Ajay Saini

‎12-26-2016 01:05 PM

THX it works. Is there any article which would explain this topic. I'm not really sure between the difference of NAT in global config compared to under an object network.

0 Helpful

Go to solution
Ajay Saini
Level 7
Level 7
In response to filip00011

‎12-26-2016 10:06 PM

Hello,

You can go through below links to understand the difference between manual and auto NAT. Manual (twice) NAT is basically policy nat version of 8.2 code. Also, please read about the order of preference which would make things simpler for you.

Let me know if there are any questions:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/nat_objects.html

HTH

-

AJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card