Hi Firends,
I have the follow scenario:
The server 2.2.2.4 have to access the remote server 4.4.4.4, but follow the situation:
- The source server (2.2.2.4) , only know the remote server (4.4.4.4) with address 3.3.3.4, so when the packet enter the interface inside of ASA, the NAT change the 3.3.3.4 to real address (4.4.4.4);
- The remote server (4.4.4.4), only know address 172.31.0.1 (outside interface of ASA), so the source will be change to 172.31.0.1
How can i change the source to 172.31.0.1 and destination to 3.3.3.4 ?
Obs: ASA has the version 8.2(5) .
Follow Topology:
Accepted Solutions
Hi,
We have to make translation for both endpoints so thats why there is 2 NAT configurations.
access-list IN-OUT-INTERFACE extended permit ip host 2.2.2.4 host 3.3.3.3
static (inside,outside) interface access-list IN-OUT-INTERFACE
access-list OUT-IN-INTERFACE extended permit ip host 4.4.4.4 host 172.31.0.1
static (outside,inside) 3.3.3.3 access-list OUT-IN-INTERFACE
The other configuration will translate the "inside" host and the other will translate the "outside" host
As you can see the first configuration matches traffic from host 2.2.2.4 to host 3.3.3.3 and translates the source to "interface"
For the host 2.2.2.4 to be able to connect to host 3.3.3.3 we will therefore need to translate the host 4.4.4.4 into 3.3.3.3 when traffic is going towards the "interface"
Below is a simple picture of my setup with my base information
When I ping from host 10.10.10.10 to host 1.1.1.1
The following things will happen
- Host 10.10.10.10 will be translated to interface IP address 192.168.103.2
- Host 1.1.1.1 will be untranslated to IP address 192.168.103.1
Heres the debug from the ASA while the ICMP Echo and Echo Reply messages are going through the ASA
ICMP echo request from LAN:10.10.10.10 to WAN:1.1.1.1 ID=1 seq=1978 len=1272
ICMP echo request translating LAN:10.10.10.10 to WAN:192.168.103.2
ICMP echo request untranslating LAN:1.1.1.1 to WAN:192.168.103.1
ICMP echo reply from WAN:192.168.103.1 to LAN:192.168.103.2 ID=1 seq=1978 len=1472
ICMP echo reply translating WAN:192.168.103.1 to LAN:1.1.1.1
ICMP echo reply untranslating WAN:192.168.103.2 to LAN:10.10.10.10
As you can see, my above described situation is happening
Hope this was helpfull Please remember to rate / Mark the question as answered or ask more if needed
- Jouni
Hi,
We have to make translation for both endpoints so thats why there is 2 NAT configurations.
access-list IN-OUT-INTERFACE extended permit ip host 2.2.2.4 host 3.3.3.3
static (inside,outside) interface access-list IN-OUT-INTERFACE
access-list OUT-IN-INTERFACE extended permit ip host 4.4.4.4 host 172.31.0.1
static (outside,inside) 3.3.3.3 access-list OUT-IN-INTERFACE
The other configuration will translate the "inside" host and the other will translate the "outside" host
As you can see the first configuration matches traffic from host 2.2.2.4 to host 3.3.3.3 and translates the source to "interface"
For the host 2.2.2.4 to be able to connect to host 3.3.3.3 we will therefore need to translate the host 4.4.4.4 into 3.3.3.3 when traffic is going towards the "interface"
Below is a simple picture of my setup with my base information
When I ping from host 10.10.10.10 to host 1.1.1.1
The following things will happen
- Host 10.10.10.10 will be translated to interface IP address 192.168.103.2
- Host 1.1.1.1 will be untranslated to IP address 192.168.103.1
Heres the debug from the ASA while the ICMP Echo and Echo Reply messages are going through the ASA
ICMP echo request from LAN:10.10.10.10 to WAN:1.1.1.1 ID=1 seq=1978 len=1272
ICMP echo request translating LAN:10.10.10.10 to WAN:192.168.103.2
ICMP echo request untranslating LAN:1.1.1.1 to WAN:192.168.103.1
ICMP echo reply from WAN:192.168.103.1 to LAN:192.168.103.2 ID=1 seq=1978 len=1472
ICMP echo reply translating WAN:192.168.103.1 to LAN:1.1.1.1
ICMP echo reply untranslating WAN:192.168.103.2 to LAN:10.10.10.10
As you can see, my above described situation is happening
Hope this was helpfull Please remember to rate / Mark the question as answered or ask more if needed
- Jouni
