How do I rewrite destination IP with another public on Cisco ASA?

mspayne76 · ‎05-28-2014

We have a vendor having issues with their load balancer and are not responsive with tech support to us. They are handing out 2 DNS entries, one works, one does not. I would like to rewrite the bad one with the good one on our ASA outbound to band aid the issue until we can get resolved with their tech support. What is the appropriate NAT statement?

James Leinweber · ‎05-29-2014

What's your firmware version? The NAT syntax was completely redone, with <=8.2 using the old style and >=8.4 using the new; I forget which one 8.3 uses.

Marius Gunnerud · ‎05-30-2014

8.3 uses the new NAT configuration.

This link provides a good overview of the relationship between the old NAT and new NAT statements:

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

What exactly are you trying to "band aid" is it the DNS requests?

If you are running version 8.3 or higher, you could try something like the following:

object network BAD-DNS
host x.x.x.x
object network GOOD-DNS
host y.y.y.y
object network LAN
subnet z.z.z.0 255.255.255.0
nat (inside,outside) source static LAN LAN destination static BAD-DNS GOOD-DNS

pre 8.3, i think the commands are like this:
access-list DNS permit ip z.z.z.0 255.255.255.0 host x.x.x.x
static (inside,outside) y.y.y.y access-list DNS

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts