Solved: NAT from cisco asa interfaces toward mpls sites - Page 2

nikmagashi1 · ‎02-15-2023

Hi,

I have configured a cisco asa (a virtual one) and there I have 5 internal networks (inside ASA) and then from this asa I have an interface calles MPLS which sends traffic (from and to) mpls sites. Now the question is this: I have configures NAT rules as below:

I also have configured 6 other NAT rules with the same setting but with different destination interface. The question is now, do I have to configure others NAT rules the other way round for example:

Or maybe because I have chose under the direction "Both" so there is no need to configure the contrariwise rule.

Best regards

nikmagashi1 · ‎02-16-2023

Yes sir, for the internet I have configured PAT and placed at the bottom of the list of NAT rules and then on top of that I have placed the NAT rules for the mpls sites toward other subnets (maybe worth to mention that mpls is just an interface same as f.ex. lan interface on ASA).

Because I used ANY as source interface on the NAT rule for internet access, I needed to define on top of that NAT rules for the MPLS interface toward internal subnets. I assume I could skip creating NAT rules for mpls interface to other interfaces inside ASA if I create NAT rule for internet access only on those interface specifically and not use ANY as source interface.

MHM Cisco World · ‎02-16-2023

I prefer you add NAT to each INside interface toward the MPLS interface and here you can specify also the subnet of INside and subnet of Sites you can reach via MPLS