How do I rewrite destination IP with another public on Cisco ASA?

mspayne76
Level 1

We have a vendor having issues with their load balancer and are not responsive with tech support to us.  They are handing out 2 DNS entries, one works, one does not.  I would like to rewrite the bad one with the good one on our ASA outbound to band aid the issue until we can get resolved with their tech support.  What is the appropriate NAT statement?

2 Replies

James Leinweber
Level 4

What's your firmware version?  The NAT syntax was completely redone, with <=8.2 using the old style and >=8.4 using the new; I forget which one 8.3 uses.

8.3 uses the new NAT configuration.

This link provides a good overview of the relationship between the old NAT and new NAT statements:

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

What exactly are you trying to "band aid"? Is it the DNS requests?

If you are running version 8.3 or higher, you could try something like the following:

object network BAD-DNS
  host x.x.x.x
object network GOOD-DNS
  host y.y.y.y
object network LAN
  subnet z.z.z.0 255.255.255.0
nat (inside,outside) source static LAN LAN destination static BAD-DNS GOOD-DNS

Pre-8.3, I think the commands are like this:
access-list DNS permit ip z.z.z.0 255.255.255.0 host x.x.x.x
static (inside,outside) y.y.y.y access-list DNS

--

Please remember to select a correct answer and rate helpful posts
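
An added example, not part of either reply above: one way to check on an ASA running 8.3 or later that the destination rewrite is actually being applied, and to back it out afterwards. The addresses are the thread's placeholders; the client address z.z.z.10, source port 12345 and tcp/443 are assumed values, so substitute the vendor's real service port.

```cisco
! Added example. x.x.x.x = bad vendor address, y.y.y.y = good vendor address,
! z.z.z.10 = an assumed client inside the LAN object (z.z.z.0/24).
! tcp/443 and source port 12345 are assumptions for illustration.

! 1. Confirm the twice-NAT rule is present and note its hit counters.
show running-config nat
show nat detail

! 2. Simulate an inside client connecting to the bad address.
!    In the output, the UN-NAT phase should show the destination being
!    untranslated from x.x.x.x to y.y.y.y, and the final result should be ALLOW.
packet-tracer input inside tcp z.z.z.10 12345 x.x.x.x 443 detailed

! 3. Generate real traffic from a LAN host to the bad address, then confirm
!    that connections are built to the good address and the counters moved.
show conn address y.y.y.y
show nat detail

! 4. The rule only matches sources inside the LAN object. Traffic from any
!    other inside subnet still reaches x.x.x.x unmodified, so test from each
!    subnet that uses the vendor service.

! 5. Roll back once the vendor has fixed their load balancer
!    (run from configuration mode), so the workaround does not linger.
configure terminal
 no nat (inside,outside) source static LAN LAN destination static BAD-DNS GOOD-DNS
 end
show running-config nat
```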

 
