02-26-2019 10:26 AM - edited 02-21-2020 08:52 AM
I need to create a NAT where, let's say, a source from an outside IP, 33.33.33.33, is coming inside to, let's say, my public IP 1.1.1.1, which is mapped to 172.10.10.1 port 300.
So the question is, how do I create a NAT rule saying if the source IP is coming from 33.33.33.33, map it to 1.1.1.1 (which will map it to my internal 172.10.10.1 on port 300)?
33.33.33.33 ----> http/https -----> 1.1.1.1 ------> 172.10.10.1 port 300
02-26-2019 11:27 AM
If I'm understanding you correctly, you're saying if traffic sourced from 33.33.33.33 destined to 1.1.1.1 on port 443, then translate 1.1.1.1 to 172.10.10.1 and 443 to 300.
object network 33.33.33.33-obj
host 33.33.33.33
!
object network 1.1.1.1-obj
host 1.1.1.1
!
object network 172.10.10.1-obj
host 172.10.10.1
!
object service tcp-443
service tcp destination eq https
!
object service tcp-300
service tcp destination eq 300
!
nat (Outside,Inside) 1 source static 33.33.33.33-obj 33.33.33.33-obj destination static 1.1.1.1-obj 172.10.10.1-obj service tcp-443 tcp-300
02-26-2019 11:51 AM
Thank you! I'll give it a try and let you know!
02-26-2019 01:16 PM
You never mentioned what port you are coming in on, so I'm assuming the incoming port could be any number. The other thing: do you have a spare public IP address on the outside interface, or do you want to land your outside traffic on your public-facing ASA interface and then do the mapping?
Here is the config if you have a public IP address, as you mentioned in your post.
object network SERVER
host 172.10.10.1
!
object network PUBLIC
host 1.1.1.1
!
nat (inside,outside) source static SERVER PUBLIC
!
access-list OUTSIDE_IN extended permit tcp any object SERVER eq 300
access-group OUTSIDE_IN in interface outside
02-27-2019 08:40 AM
I'll be coming in on 443 and 80, which should then translate to port 333. I have a spare IP on outside, let's say it's 1.1.1.1.
02-27-2019 11:10 AM - edited 02-27-2019 11:56 AM
object network SERVER
host 172.10.10.1
!
object network PUBLIC
host 1.1.1.1
!
object service CUSTOM80
service tcp source eq 80
!
object service CUSTOM300
service tcp source eq 300
!
nat (inside,outside) source static SERVER PUBLIC service CUSTOM80 CUSTOM300
!
access-list OUTSIDE_IN extended permit tcp any object SERVER eq 80
access-group OUTSIDE_IN in interface outside
!
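Added example, not part of any post above: one way to express the thread's requirement (only 33.33.33.33 may reach 1.1.1.1 on 80/443, forwarded to 172.10.10.1 port 300) as ASA twice NAT plus a source-restricted ACL, with a packet-tracer check. It assumes interfaces named outside and inside, ASA 8.3 or later, and port 300 from the original question; the object names and the 198.51.100.7 test source are constructed.

```cisco
! Added example, not from the thread. Addresses reuse the thread's placeholders.
object network PARTNER-SRC
 host 33.33.33.33
object network PUBLIC
 host 1.1.1.1
object network SERVER
 host 172.10.10.1
!
object service TCP-80
 service tcp destination eq www
object service TCP-443
 service tcp destination eq https
object service TCP-300
 service tcp destination eq 300
!
! Twice NAT written from the outside in:
!   source      33.33.33.33 -> unchanged (identity), so the rule only matches this peer
!   destination 1.1.1.1     -> 172.10.10.1
!   dest. port  443 or 80   -> 300
nat (outside,inside) source static PARTNER-SRC PARTNER-SRC destination static PUBLIC SERVER service TCP-443 TCP-300
nat (outside,inside) source static PARTNER-SRC PARTNER-SRC destination static PUBLIC SERVER service TCP-80 TCP-300
!
! On 8.3 and later the interface ACL is evaluated against the real
! (post-untranslate) address and port, so permit 172.10.10.1:300, not 1.1.1.1:443.
! Restricting the source here keeps the server closed to every other outside host.
access-list OUTSIDE_IN extended permit tcp host 33.33.33.33 object SERVER eq 300
access-group OUTSIDE_IN in interface outside
!
! Verification from the ASA CLI:
!   1st trace: expect an UN-NAT phase to 172.10.10.1/300 and a final result of ALLOW
!   2nd trace: different source (constructed), expect no translation and DROP
packet-tracer input outside tcp 33.33.33.33 12345 1.1.1.1 443
packet-tracer input outside tcp 198.51.100.7 12345 1.1.1.1 443
```

If the server really listens on 333, as mentioned later in the thread, change the TCP-300 object and the ACL port together so NAT and the ACL stay in agreement.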