Solved: Re: Need NAT configuration for ASA5508-X

Richa05 · ‎04-09-2018

I want to know how to create a NAT rule in Cisco ASA if i am having these details with me

1. Source address---It is an object group/groups of 2-3 Hosts

2.Destination address---Object group of two or more host

Source object is part of Internal network and want to access FTP via wan connection.

I am doing this via ASDM by going into NAT rules where i defined source interface as Internal network and Destination interface of wan.

Just want a clarification on Translated source address...Do i need to define Source objects here or wan IP.

Ben Walters · ‎04-09-2018

Then yes, for the NAT rule you can say:

Source intf: Inside interface

Dest intf: WAN interface

source: "Inside object group"

destination: "WAN object group"

Translated source: WAN IP (or WAN interface in general for dynamic NAT)

Translated destination: Original

You can also specify the service if you really want to for FTP.

View solution in original post

Ben Walters · ‎04-09-2018

For translated source address it would be an address on your WAN interface side but it depends on what you are trying to accomplish. If you are doing dynamic NAT (multiple addresses to one) one rule would do it for you, but if you are looking to have static NAT for each host you would want to use multiple rules.

Richa05 · ‎04-09-2018

Yes, i want to accomplish dynamic nat(hide)

Ben Walters · ‎04-09-2018