
Policy Nat

eddiemeijer
Level 1

I would like to create the following situation on an ASA firewall, but I can't find a working solution on new firmware.

Incoming traffic on the outside interface on IP 1.1.1.1 can be tcp/443 or tcp/80.

If traffic is on tcp/80, NAT to 2.2.2.1 tcp/80.

If traffic is on tcp/443, NAT to 2.2.2.2 tcp/443.

In earlier versions you could do this like:

access-list SSL permit tcp host 2.2.2.2 eq 443 x.x.0.0 255.255.0.0 eq 443

static (Inside,Outside) tcp 1.1.1.1 443 access-list SSL

access-list HTTP permit tcp host 2.2.2.1 eq 80 x.x.0.0 255.255.0.0 eq 80

static (Inside,Outside) tcp 1.1.1.1 http access-list HTTP

This seems to be deprecated.

We are using ASA 8.3(2), ASDM 6.3(4)50.

Thx.

1 Reply

Hi,

In version 8.3 the static and global commands for NAT are gone.

The only command you need is the "nat" command.

NAT is performed for objects now so you should define the objects as well.

If I'm not mistaken, to migrate a Policy NAT configuration to 8.3 you now use what is called Twice NAT.

Please refer to this document:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_rules.html

Hope it helps.

Federico.
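
One way to express the port-based split from the question with the 8.3 "nat" command, as an added example that is not part of either post. It uses network object NAT with a service clause; the object names and the ACL name OUTSIDE-IN are hypothetical, and the x.x.0.0 peer restriction from the original access lists is not reproduced.

```cisco
! Added example for ASA 8.3+ (network object NAT), not from the original posts.
! Object names and the ACL name OUTSIDE-IN are hypothetical.

! tcp/80 arriving on 1.1.1.1 is forwarded to 2.2.2.1 tcp/80
object network WEB-HTTP
 host 2.2.2.1
 nat (Inside,Outside) static 1.1.1.1 service tcp www www

! tcp/443 arriving on 1.1.1.1 is forwarded to 2.2.2.2 tcp/443
object network WEB-SSL
 host 2.2.2.2
 nat (Inside,Outside) static 1.1.1.1 service tcp https https

! From 8.3 on, interface ACLs are matched against the real (untranslated)
! address, so permit the inside hosts here, not 1.1.1.1.
! Each entry opens exactly one port on one host; nothing else on 1.1.1.1
! is reachable through these rules.
access-list OUTSIDE-IN extended permit tcp any host 2.2.2.1 eq www
access-list OUTSIDE-IN extended permit tcp any host 2.2.2.2 eq https

! If an ACL is already bound inbound on Outside, add the two entries to
! that ACL instead; binding a new one replaces the existing binding.
access-group OUTSIDE-IN in interface Outside
```

`show nat detail` lists the resulting rules with their hit counts, which confirms that each port lands on the intended host.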
