NAT on ASA 5510

Mohd Khairul Nizam · ‎12-11-2014

Internal 192.168.0.0/24

How can Internal LAN to be NAT to the Outside as different range of IP address?

192.168.0.0-------->NAT------------> 10.215.0.0

ASA ver 8.0(3)

is it possible??

Vibhor Amrodia · ‎12-11-2014

Hi,

What is the Subnet Range of 10.215.0.0 ? If it is /24 , you can use this:-

static (inside,outside) 10.215.0.0 192.168.0.0 netmask 255.255.255.0

This will make sure that every IP takes it's corresponding IP in the NAT subnet.

Thanks and Regards,

Vibhor Amrodia

Mohd Khairul Nizam · ‎12-12-2014

Apparently it can't

MLK-ASA(config)# static (inside,outside) 10.215.0.0 192.168.0.0 netmask$
WARNING: real-address conflict with existing static
TCP Inside:192.168.0.254/23 to outside:60.51.196.54/2828 netmask 255.255.255.255

Vibhor Amrodia · ‎12-12-2014

Hi,

Although this is a warning and we also have an existing Xlate which is overlapping with the IP which you are using.

You can use Packet Trace to verify the configuration:-

https://supportforums.cisco.com/document/29601/troubleshooting-access-problems-using-packet-tracer

Thanks and Regards,

Vibhor Amrodia

Mohd Khairul Nizam · ‎12-12-2014

Actually, the real scenario is like this..

i want to perform site to site to remote.

local lan is 192.168.0.0/25. The remote lan is 10.210.0.0/24.

So is it really possible to NAT 192.168.0.0 to 10.215.0.0 and make it the interesting traffic.??

bcoz the remote site ACL is

ip access-list extended KP-KPMMF-ACL
permit ip 10.210.0.0 0.0.0.255 10.215.10.0 0.0.0.255