David Niemann
Participant

NAT translation - migrating from 8.2 to 9.x

What is the new 8.3+ "coding" for the NAT translation below from an 8.2 ASA? I'm running 9.1.2 on a 5512X.

static (WebTestInside,outside) tcp 172.31.0.14 https 192.168.20.14 https netmask 255.255.255.255  dns

I basically want the translation to be used for https only. Otherwise the host should use the interface NAT.

Here's what I've tried, but it doesn't want to let me do the port translation and the dns rewrite.  It will let me do one or the other, not both.

nat (any,outside) source dynamic any interface

object network WebInsideNAT-192.168.20.14
host 192.168.20.14

It will let me do this

object network WebInsideNAT-192.168.20.14

nat (WebTestInside,outside) static 172.31.0.14 dns

or

object network WebInsideNAT-192.168.20.14

nat (WebTestInside,outside) static 172.31.0.14 service tcp 443 443

but not both

object network WebInsideNAT-192.168.20.14

nat (WebTestInside,outside) static 172.31.0.14 service tcp 443 443 dns

Marius Gunnerud
VIP Advisor

PAT with DNS rewrite is not supported, which is why you can only do dns rewrite when performing NAT and not PAT.

DNS rewrite is not compatible with static Port Address Translation (PAT) because multiple PAT rules are applicable for each A-record, and the PAT rule to use is ambiguous.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml#prereq

--

Please rate all helpful posts.

--
Please remember to select a correct answer and rate helpful posts
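
The migration rule from the answer above, as an added example that is not part of the original thread and is not Cisco's migration tool: a small Python converter that turns an 8.2 host `static` line into the 8.3+ object NAT form and drops `dns` with a warning when the rule is a static PAT. The function name `convert_static`, the default object name and the restriction to /32 host statics are assumptions of this example.

```python
import re

def convert_static(line, obj_name=None):
    """Convert one 8.2 host static to 8.3+ object NAT.

    Returns (config_lines, warnings). Handles only /32 statics of the form
      static (real_if,mapped_if) [tcp|udp] mapped_ip [mapped_port] real_ip [real_port] netmask 255.255.255.255 [dns]
    """
    m = re.match(r"static \(([^,]+),([^)]+)\)\s+(.*)$", line.strip())
    if not m:
        raise ValueError("not an 8.2 static statement")
    real_if, mapped_if, rest = m.groups()
    tok = rest.split()
    dns = bool(tok) and tok[-1] == "dns"
    if dns:
        tok.pop()
    if len(tok) < 2 or tok[-2:] != ["netmask", "255.255.255.255"]:
        raise ValueError("only host (/32) statics are handled in this example")
    tok = tok[:-2]
    warnings = []
    if tok and tok[0] in ("tcp", "udp"):
        # Static PAT: 8.2 order is mapped_ip mapped_port real_ip real_port,
        # 8.3+ order is "service <proto> real_port mapped_port".
        if len(tok) != 5:
            raise ValueError("malformed static PAT statement")
        proto, mapped_ip, mapped_port, real_ip, real_port = tok
        nat = f"static {mapped_ip} service {proto} {real_port} {mapped_port}"
        if dns:
            # 8.3+ rejects "service ... dns": with several PAT rules per
            # A-record the rule to use for the rewrite is ambiguous.
            warnings.append("dns dropped: DNS rewrite is not supported with static PAT")
    else:
        if len(tok) != 2:
            raise ValueError("malformed static NAT statement")
        mapped_ip, real_ip = tok
        nat = f"static {mapped_ip}" + (" dns" if dns else "")
    name = obj_name or f"obj-{real_ip}"  # constructed default name
    cfg = [f"object network {name}",
           f" host {real_ip}",
           f" nat ({real_if},{mapped_if}) {nat}"]
    return cfg, warnings

if __name__ == "__main__":
    # The 8.2 line from the question; port names are carried through unchanged.
    old = ("static (WebTestInside,outside) tcp 172.31.0.14 https "
           "192.168.20.14 https netmask 255.255.255.255  dns")
    cfg, warns = convert_static(old, "WebInsideNAT-192.168.20.14")
    print("\n".join(cfg))
    for w in warns:
        print("!", w)
```
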

So it just happened to work on the earlier code? That stinks.  Oh well.

Please remember to rate and select a correct answer
