I have a question about firewall NATting. I have the following config on FWSM 4.1(15), which I am trying to import to ASA 9.3 code. I was using static (inside,inside) and (inside,outside) for the same pair of NAT, as I expect traffic initiated from both inside and outside. The original destination IP address is 172.20.48.201. I was using the alias command as well for this communication to work from inside.
To make it simple for you, I have the below config for FWSM, which works fine today:
static (INSIDE,OUTSIDE) 76.26.17.130 172.20.48.201 netmask 255.255.255.255
static (INSIDE,INSIDE) 76.26.17.130 172.20.48.201 netmask 255.255.255.255
alias (INSIDE) 10.224.0.0 172.16.0.0 255.240.0.0
I am planning to use the below config on ASA for the same. I am unable to use (inside,inside) and (inside,outside) in one NAT object, as ASA is not accepting two nat statements for one object. So I created two object nat statements to fulfill this. I am planning to use nat with "dns" as a replacement for alias. Can you please give an idea if this config will work?
object network obj-172.20.48.201-1
 host 172.20.48.201
 nat (INSIDE,INSIDE) static 76.26.17.130
object network obj-172.20.48.201-2
 host 172.20.48.201
 nat (INSIDE,OUTSIDE) static 76.26.17.130
Does the below alias command look right?
object network obj-172.16.0.0
 subnet 172.16.0.0 255.240.0.0
 nat (any,INSIDE) static 10.224.0.0 dns