01-03-2018 07:19 AM - edited 02-21-2020 07:03 AM
Hi,
In 192.168.2.10 enabled http and https . If source is is the server (Server accessing hosts outside ),I want to show the source ip is 2.2.2.2 .
object network 192.168.2.10
nat (Inside,Outside) static 2.2.2.2
nat (Inside,Outside) after-auto source dynamic 192.168.2.10 2.2.2.2
This is possible ?
the below configuration works
object network 192.168.2.10
nat (Inside,Outside) static 2.2.2.2
nat (Inside,Outside) after-auto source dynamic 192.168.2.10 2.2.2.1
Thanks
01-03-2018 10:38 AM
Hi Elite,
If you have configured the following static NAT then there is no need to configure PAT for the same server/IP.
object network 192.168.2.10
nat (Inside,Outside) static 2.2.2.2
If 192.168.2.10 accessing outside host then it will always be having the source IP address 2.2.2.2
01-03-2018 07:40 PM
Hi,
Not all machine in the network 192.168.2.0 have static NAT .
So I have added pat like below
nat (Inside,Outside) after-auto source dynamic 192.168.2.0 2.2.2.3
So whenever traffic is going from any host in the network 192.168.2.0 , it shows 2.2.2.3 .
object network 192.168.2.10
nat (Inside,Outside) static 2.2.2.2
My requirement when 2.10 accessing outside internet host , host has to see the source is 2.2.2.2 instead of 2.2.2.3
Same time host 192.168.2.3 accessing outside internet host , host has to see the source is 2.2.2.3 .
Please note I don't have static nat for 192.168.2.3 like 2.10
Thanks
01-04-2018 06:55 AM
Hi elite,
You need to add "host 192.168.2.10" under your object. Please check below for a sample config.
object network 192.168.2.10
host 192.168.2.10
nat (Inside,Outside) static 2.2.2.2
Now, your host 192.168.2.10 is accessible from the Internet by using public IP 2.2.2.2 based on your outside interface ACL and when this host will go to the Internet it always has source IP 2.2.2.2 instead of 2.2.2.3 because the above NAT has higher preference over the after-auto NAT.
On the other hand, all other hosts from the same subnet will use 2.2.2.3 as the source while going to the Internet due to PAT.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide