10-15-2015 01:18 PM - edited 03-11-2019 11:45 PM
Hi
It has been a couple of years since I last had my hands on the ASA firewall, but a question popped up the other day which I could not answer.
Is it possible to do policy-based destination PAT from the outside to inside interfaces, based on source IP address?
The outside (static) IP is assigned by DHCP (only a single address is available). If traffic is initiated towards the outside IP from source address A towards TCP port 443, it should be redirected/PAT'ed to DMZ1 port 5630, and for all other source IP addresses it should be redirected/PAT'ed to DMZ2 port 443.
Is this possible at all? Firmware version is 9.2.
Regards
Brian
10-18-2015 12:04 AM
Hi Brian,
You can create manual NAT rules to implement your network requirement.
Create the NAT rule for the specific ports above the rules for the broad range of ports.
object service 5630
service tcp source eq 5630
object service 443
service tcp source eq https
nat (DMZ1,outside) source static <real-ip> <mapped-ip> service 5630 443
nat (DMZ2,outside) source static <real-ip> <mapped-ip>
Hope it helps!!!
Thanks,
R.Seth
Mark the answer as correct if it helps in resolving your query!!!
10-18-2015 03:23 AM
Hi
This maps port 443 -> 443 and 5630 -> 5630.
What I want to achieve is (if possible):
If traffic originates from IP address A and hits the outside interface on TCP port 443, it should be PAT'ed to a host in DMZ1 on port 5630.
For all other traffic that hits the outside interface on TCP port 443, it should be PAT'ed to a host in DMZ2 on port 443.
Regards
/Brian
10-18-2015 03:54 AM
Hi,
To NAT traffic for a specific source IP, you can make the following changes:
nat (DMZ1,outside) source static <real-ip> <mapped-ip> service 5630 443 destination static <source-ip> <source-ip>
nat (DMZ2,outside) source static <real-ip> <mapped-ip>
Thanks,
R.Seth
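For readers who want the complete picture, here is the configuration the two replies sketch, written out as an added example (not posted by Brian or R.Seth). The DMZ host addresses 10.1.1.10 and 10.2.2.10, the external source 198.51.100.7 and the object and ACL names are constructed for the example; the interface names DMZ1, DMZ2 and outside are taken from the thread. It assumes ASA 9.x manual (twice) NAT syntax, uses the interface keyword because the outside address comes from DHCP, and adds the inbound ACL that the NAT rule alone does not provide.

```cisco
! Hosts behind the firewall (constructed addresses for this example)
object network DMZ1-HOST
 host 10.1.1.10
object network DMZ2-HOST
 host 10.2.2.10
! The single external source that should reach DMZ1 (constructed address)
object network PARTNER-A
 host 198.51.100.7
! Service objects: for a source translation the "source" port is the one rewritten
object service DMZ1-REAL-5630
 service tcp source eq 5630
object service OUTSIDE-HTTPS
 service tcp source eq 443
! Rule 1 (most specific, so it is placed first): only PARTNER-A reaching the
! outside interface address on tcp/443 is translated to DMZ1-HOST:5630.
! "interface" follows the outside address even when DHCP changes it.
nat (DMZ1,outside) 1 source static DMZ1-HOST interface destination static PARTNER-A PARTNER-A service DMZ1-REAL-5630 OUTSIDE-HTTPS
! Rule 2 (catch-all): every other source hitting tcp/443 lands on DMZ2-HOST:443
nat (DMZ2,outside) 2 source static DMZ2-HOST interface service OUTSIDE-HTTPS OUTSIDE-HTTPS
! Translation does not admit traffic by itself; the outside ACL must permit it,
! and since 8.3 the ACL is written against the real (untranslated) destination.
! Only the two published services are opened, nothing else.
access-list OUTSIDE-IN extended permit tcp host 198.51.100.7 host 10.1.1.10 eq 5630
access-list OUTSIDE-IN extended permit tcp any host 10.2.2.10 eq 443
access-group OUTSIDE-IN in interface outside
! Check rule order and confirm hit counts land on the expected entry
show nat detail
```

If the DMZ2 rule already existed before the DMZ1 rule was added, the explicit line numbers keep the specific rule above the catch-all; without them a later rule is appended below and never matched for source A.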