Identity NAT on ASA 8.3

sshantikumar
Level 1

Hello,

I am trying to configure identity NAT for a packet originating on the DMZ to Inside. So I have created this configuration:

object network identity_nat_1_245
 host 192.168.1.245
object network real_nat_1_245
 host 192.168.1.245
nat (dmz,inside) static identity_nat_1_245

Is this correct?

On another note, the documentation provided by Cisco is a bit confusing:

nat [(real_ifc,mapped_ifc)] static {mapped_inline_ip | mapped_obj}

In the above example, the real interface would be where the packet is originating from and the mapped interface is where the packet is destined for?

What are mapped_inline_ip and mapped_obj?

Thanks

1 Reply

Maykol Rojas
Cisco Employee

Hi,

Not necessarily. NAT the host on the inside only with a manual NAT, put an access list on the DMZ, and that should do the trick. For example, host 192.168.10.10 is the host on the inside you want to NAT to itself.

object network Inside_server
 host 192.168.10.10
nat (inside,dmz) 1 source static Inside_server Inside_server

Put an ACL on the DMZ (if there is one already in, just put a line on it):

access-list dmz-in permit tcp any host 192.168.10.10 eq 3389
access-list dmz-in deny ip any host 192.168.10.10
access-list dmz-in permit ip any any
access-group dmz-in in interface dmz

Hope this helps.

Mike
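
Added example, not part of the reply above and not Cisco code: a small Python first-match evaluator for the three dmz-in lines in the reply, to check which DMZ flows that ACL admits. The DMZ source 172.16.1.50 and the second inside host 192.168.10.20 are constructed values, and the parser handles only the `any`, `host` and `eq` forms used in this thread.

```python
import ipaddress

# ACL lines copied from the answer above; only this subset of the syntax is parsed.
ACL = """\
access-list dmz-in permit tcp any host 192.168.10.10 eq 3389
access-list dmz-in deny ip any host 192.168.10.10
access-list dmz-in permit ip any any
"""

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the token list; return an IP network."""
    word = tok.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    raise ValueError("unsupported address form: " + word)

def parse(text):
    """Turn each access-list line into (action, proto, src, dst, port, line)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, line))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching line wins; a packet matching no line hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port, line in rules:
        if (r_proto in ("ip", proto) and s in r_src and d in r_dst
                and r_port in (None, dport)):
            return action, line
    return "deny", "implicit deny"

RULES = parse(ACL)
# Constructed flows: 172.16.1.50 (DMZ host) and 192.168.10.20 (second inside host) are assumed.
FLOWS = [("tcp", "172.16.1.50", "192.168.10.10", 3389),
         ("tcp", "172.16.1.50", "192.168.10.10", 445),
         ("icmp", "172.16.1.50", "192.168.10.10", None),
         ("tcp", "172.16.1.50", "192.168.10.20", 445)]
if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(RULES, *flow)[0])
```

The last flow is permitted by `permit ip any any`, so as far as this ACL is concerned the deny line restricts only 192.168.10.10 and other destinations stay open to the DMZ.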