
How to configure destination NAT in Cisco ASA Firewall?

shunmubala
Level 1

Hi Peers

I have 2 Cisco ASA firewalls, each in a separate site, i.e. Site1 and Site2, running a site-to-site VPN. This is working fine. Both LANs are able to ping each other.

Site1 LAN Network Address : 10.10.10.0/24

Site2 LAN Network Address : 20.20.20.0/24

At present, when a workstation in Site1, for example 10.10.10.50, wants to communicate with a workstation in Site2, for example 20.20.20.50, this works fine because my site-to-site VPN is up and working well.

Now I have been given a new requirement. From 10.10.10.50, if it wants to talk to 20.20.20.50, the IP 10.10.10.50 must talk to 10.10.10.150. The Cisco ASA FW in Site1 must see that the destination is 10.10.10.150 and translate that destination to 20.20.20.50.

Basically, Site1 LAN users will communicate with 10.10.10.150, and they won't know the IP 20.20.20.50. Hence, what I want to achieve here is destination NAT. The source IP remains, no change, only destination. I know I need to configure the destination NAT on the Cisco ASA FW in Site1 but I don't know the command.

Can someone point me in the right direction, pleaseeeeee :-)

5 Replies

oloyede29
Level 1

Do you mean static NAT?

You could have this on your ASA 1:


nat (inside,outside) source static 10.10.10.150 10.10.10.150 destination static 20.20.20.50 20.20.20.50

ASA 2:

nat (inside,outside) source static 20.20.20.50 20.20.20.50 destination static 10.10.10.150 10.10.10.150

Hope it works.

Hi Sir
Thanks for your reply. Just to clarify, I'm using Cisco ASA 5520 v8.2. Hence, can I confirm the following solution:

ASA1 in Site1
static (inside,outside) 20.20.20.50 10.10.10.150 netmask 255.255.255.255

ASA2 in Site2
static (inside,outside) 10.10.10.150 20.20.20.50 netmask 255.255.255.255

Please kindly confirm, sir.

Since you are using version 8.2, the above configuration will not suffice, as this will only work on 8.4 upward. Can you post your current NAT configuration?

Farhan Mohamed
Cisco Employee

You could have this on your ASA 1:


nat (inside,outside) source static 10.10.10.150 10.10.10.150 destination static 20.20.20.50 20.20.20.50

ASA 2:

nat (inside,outside) source static 20.20.20.50 20.20.20.50 destination static 10.10.10.150 10.10.10.150

Hope it works.

ashish360gupta
Level 1

nat (inside,outside) source static 10.10.10.50 10.10.10.50 destination static 10.10.10.150 20.20.20.50

ASA 2:

nat (inside,outside) source static 20.20.20.50 20.20.20.50 destination static 10.10.10.50 10.10.10.50

It will work. I already implemented the same configuration in my Cisco 5516X firewall.
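
The destination translation asked about in this thread, written out with network objects and a verification step. This is an added example, not a post from the thread or Cisco's own configuration. It assumes an ASA release that supports the `nat ... source static ... destination static` form used in the replies above (not the 8.2 release mentioned earlier), interfaces named inside and outside as in those replies, and hypothetical object names.

```cisco
! Added example. Object names (SITE1-HOST, SITE2-ALIAS, SITE2-REAL) are hypothetical.
! Addresses are the ones used in the thread.
!
! Real source host in Site1
object network SITE1-HOST
 host 10.10.10.50
!
! Address that Site1 users are told to connect to.
! It must not be assigned to any real host on the Site1 LAN.
object network SITE2-ALIAS
 host 10.10.10.150
!
! Real address of the Site2 workstation behind the VPN
object network SITE2-REAL
 host 20.20.20.50
!
! Twice NAT on the Site1 ASA:
!   source      10.10.10.50  stays 10.10.10.50   (identity, no change)
!   destination 10.10.10.150 becomes 20.20.20.50 (mapped address first, real address second)
nat (inside,outside) source static SITE1-HOST SITE1-HOST destination static SITE2-ALIAS SITE2-REAL
!
! Verify the rule is installed and count hits on it
show nat detail
!
! Simulate an ICMP echo from the Site1 host to the alias address.
! The trace should show an UN-NAT phase rewriting 10.10.10.150 to 20.20.20.50
! before the flow is handed to the existing site-to-site VPN.
packet-tracer input inside icmp 10.10.10.50 8 0 10.10.10.150 detailed
```

After translation the flow is 10.10.10.50 to 20.20.20.50, which is the same pair the existing tunnel already carries, so the `packet-tracer` result is the place to confirm that only the intended host pair is being rewritten and encrypted.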
