Solved: PAT between 2 networks on same interface

roman4711 · ‎11-07-2011

Hi,

I'm using asa 5505 with 8.4(2) and have the following problem.

I have 2 Networks. each Network has it's own externel Internet-Ip and also Mail-Server.

Here is the example:

Network1:

192.168.1.0/24

Mail-Server: 192.168.1.10

External: 1.1.1.1

Network2:

192.168.2.0/24

Mail-Server: 192.168.2.10

External: 2.2.2.2

Both Networks are connectet through a routing-network to the asa

interface: routed

net: 10.10.10.0/24

Now I want a communication between the two Mailservers with their external Ip-Address.

I did a static NAT from ipnt any to int any or also from int routed to int routed, but nothing worked.

Packet tracer showed at NAT-Lookup where the externel adress of the second Mailserver is passed:

Info

Static translate Network1 to Network1

But it should show a translation from network1 to network1-external

Due to Security reasons, I cannot paste the whole config. I hope the example tells enough about my Problem.

Under 8.0 I did the same configuration with Policy-Nat and it worked.

Thanks for help

Sent from Cisco Technical Support iPad App

Julio Carvajal · ‎11-07-2011

Hello Roman,

1-Are they behind the same interface?

2-Can you explain a little bit better your network? A diagram would be great

Can you try this:

Object network Server-inside

host: 192.168.1.10

Object network: Server-secondary

host: 192.168.2.10

Object network Natted-inside

host 1.1.1.1

Object network Natted-secondary_server

host 2.2.2.2

Same-security permit intra-interface

nat (routed,routed) source static Server-inside Natted-inside destination static Server-secondary Natted-secondary_server

nat (routed,routed) source static Server-secondary Natted-secondary_server destination static Server-inside Natted-inside

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎11-07-2011