Solved: NAT Configuration on ASA 9.1(3)

MOHAMMED IBRAHIM THAKKADI AHAMED · ‎03-19-2015

I installed an ASA 5585 firewall for one of our customer. I am trying to map inside antivirus IP 10.10.10.2 to the outside interface IP 192.168.10.4

Here is the NAT configuration. Please assist whether this configuration will work, post I need to implement the same.

interface GigabitEthernet0/4
nameif MD_MSCO
security-level 0
ip address 192.168.10.4 255.255.255.128 standby 192.168.10.5

interface Port-channel20.30
nameif Non-App
security-level 100
ip address 10.124.27.164 255.255.255.248 standby 10.124.27.165

ciscoasa(config)# object network my-inside-net
ciscoasa(config-network-object)# host 10.10.10.2
ciscoasa(config-network-object)# nat (Non-App,MD_MSCO) dynamic interface

jj27 · ‎03-19-2015

Looks good as long as you only need dynamic NAT sourced from the AV server. If you need any sort of access from the outside in to the AV server then you would need to use static NAT. I'm sure it is there, but make sure you have a route for 10.10.10.2 or the network it lives on back through the Non-App interface.

View solution in original post

jj27 · ‎03-19-2015

Looks good as long as you only need dynamic NAT sourced from the AV server. If you need any sort of access from the outside in to the AV server then you would need to use static NAT. I'm sure it is there, but make sure you have a route for 10.10.10.2 or the network it lives on back through the Non-App interface.