Solved: Policy NAT with port translation (8.3+)

sulloas16 · ‎01-18-2016

Hi!

I am trying to configure a static policy nat rule with port translation but I can't find any configuration example (only auto-nat examples which as far as I understand are based on source IPs only).

HOST1 ------inside------ ASA --------outside-------- HOST2

I want HOST1 to nat to outside interface when communicating only with HOST2 via port 80.

I already defined object service with TCP80 but don't know where to place it on my nat statement.

nat (inside,outside) source static HOST1 interface destination static HOST2 HOST2

I appreciate your help.

Thanks.

Guddu Prasad · ‎01-18-2016

Hi Sulloas,

Try the below syntax.

object network Host1
host 192.168.100.100

object service obj-tcp-80
service tcp destination eq 80

object network Host2
host 1.1.1.1

nat (inside,outside) source dynamic Host1 interface destination static Host2 Host2 service obj-tcp-80 obj-tcp-80

Thanks

Guddu

View solution in original post

Guddu Prasad · ‎01-18-2016

Hi Sulloas,

Try the below syntax.

object network Host1
host 192.168.100.100

object service obj-tcp-80
service tcp destination eq 80

object network Host2
host 1.1.1.1

nat (inside,outside) source dynamic Host1 interface destination static Host2 Host2 service obj-tcp-80 obj-tcp-80

Thanks

Guddu

sulloas16 · ‎01-21-2016

Hi Guddu,

Thanks for your recomendation! Based on the nat you wrote I just changed it to static and it worked as expected.

Thanks again!

Steph