Policy NAT on ASA 5510 804

J2NoomSai_2
Level 1

Hi

How can I configure policy NAT on an ASA5510? I would like to do the following:

www.example.com               9.1.1.9     NAT to      10.1.1.9

If source IP =     1.1.1.1

then NAT to     =      10.2.2.9

the rest NAT to = 10.1.1.9

Can someone please help to assist with config?

The issue is I want 1.1.1.1 to NAT to 10.2.2.9 when accessing www.example.com. The rest NAT to the current NAT.

Thanks

NS

4 Replies

lginod
Level 1

Hi NS,

Here is a reference guide for nat configuration on ASA.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_overview.html#wp1088419

Hope this link is useful for you.

--Gino

Thank you. It helps for different destination addresses from inside to outside.

But what I want is based on source address to destination address.

If source coming from outside is =   x.x.x.x

then NAT to LAN IP = y.y.y.1

the rest NAT to LAN IP = y.y.y.2

Hi,

Can you please clarify with a diagram in this scenario?

From what I understand this is how it looks:

[internal nw IP : y.y.y.0 ]------------[ASA]--------- {internet} ---------[www.example.com IP : x.x.x.x]

Question:

=======

1. Is there any reason why you would want to nat a public ip to a private ip?

2. If this nat is done, how do you expect the people in the internal nw to access www.example.com ?

A source based nat from a lower security to higher security is possible, but is more granular in code 8.3 (just an FYI).

--

Gino.

Sorry for the confusion; actually it's not for internal users to access outside. It's for outside to access our website.

Let's say we host www.example.com behind our FW. We want to NAT to a different IP behind our firewall based on source IP.

If source IP x.x.x.x accesses our web www.example.com, instead of FW NAT to current NAT y.y.y.1

We want FW NAT to y.y.y.2 just for that source IP.

This is for our migration project and we want that source IP to hit our new NAT IP.

Thanks
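The source-based inbound NAT requested in this thread, sketched as an added example in ASA 8.3+ syntax (the release mentioned in the reply above); it is not from any participant in the thread and does not apply to the 8.0(4) syntax. The addresses are the ones from the original question; the interface names `inside`/`outside`, the object names, the ACL name and the assumption that both servers sit behind `inside` are illustrative.

```text
! Added example, ASA 8.3+ syntax. Object, ACL and interface names are assumptions.
object network WEB-PUBLIC
 host 9.1.1.9
object network WEB-NEW
 host 10.2.2.9
object network MIGRATION-SRC
 host 1.1.1.1

! Manual (twice) NAT, section 1, evaluated first:
! only when the outside peer is 1.1.1.1 does 9.1.1.9 map to the new server.
nat (inside,outside) source static WEB-NEW WEB-PUBLIC destination static MIGRATION-SRC MIGRATION-SRC

! Object NAT, section 2, evaluated after section 1:
! every other source reaching 9.1.1.9 is sent to the current server.
object network WEB-OLD
 host 10.1.1.9
 nat (inside,outside) static 9.1.1.9

! From 8.3 on, interface ACLs match the real (post-untranslate) address.
! Permit only what each server needs; the new server is reachable
! solely from the migration source.
access-list OUTSIDE-IN extended permit tcp host 1.1.1.1 host 10.2.2.9 eq www
access-list OUTSIDE-IN extended permit tcp any host 10.1.1.9 eq www
access-group OUTSIDE-IN in interface outside
```

`show nat detail` lists the rules in evaluation order with hit counts, and `packet-tracer input outside tcp 1.1.1.1 12345 9.1.1.9 80` shows which rule a connection from the migration source matches.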
