Multiple Destination Static NATs to the same IP

Tan_da_Man · ‎09-04-2021

hi

Would the below work? The source subnet will remain same but whether the users are trying the first destination or second, the requirement is that the destination is Nat'd to the same IP? I can see this working if initiated from internal but if initiated from Outside then how would the ASA know what to translate HOST-10.1.8.5 to? Or will it NAT it accordingly to the order the NAT statements come on the list?

nat (internal,Outside) source static Net-172.16.3.0_24 Net-172.16.3.0_24 destination static NAT-172.16.2.101 HOST-10.1.8.5
nat (internal,Outside) source static Net-172.16.3.0_24 Net-172.16.3.0_24 destination static NAT-172.16.2.102 HOST-10.1.8.5

balaji.bandi · ‎09-04-2021

Not sure why there is 2 times subnet here ? or is this what you looking to do ?

nat (internal,Outside) source static Net-172.16.3.0_24 Net-172.16.3.0_24

Look at the example : (One-to-Many Static NAT)

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/firewall/asa-96-firewall-config/nat-basics.html#ID-2090-0000083f

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sheraz.Salim · ‎09-06-2021

Static Nat is a bidirectional. either will work

nat (Outside,internal) source static  HOST-10.1.8.5 NAT-172.16.2.102 destination static Net-172.16.3.0_24 Net-172.16.3.0_24
nat (Outside,internal) source static  HOST-10.1.8.5 NAT-172.16.2.101 destination static Net-172.16.3.0_24 Net-172.16.3.0_24

nat (internal,Outside) source static Net-172.16.3.0_24 Net-172.16.3.0_24 destination static NAT-172.16.2.101 HOST-10.1.8.5
nat (internal,Outside) source static Net-172.16.3.0_24 Net-172.16.3.0_24 destination static NAT-172.16.2.102 HOST-10.1.8.5

however NAT statements will come on the list as define by the order.

please do not forget to rate.