Solved: Problem Nat with Asa 5520 vers 8.4

lbellicaud · ‎09-16-2011

Hi All,

I want to set up NAT with ASDM on ASA for a client and I can not make it work.

Let me explain, I have several interface:

Inside: 10.97.0.1 / 24

Outside: 10.0.1.70 /24

Interco: 192.168.6.1 /24

Other Sites: 10.26.0.4 /24

All routing in the network is Ok

My customer want to access a server @ ip 10.194.70.1 in https on the interface Interco with his nat address as 10.97.0.11 .

This server must be accessible with the address 10.97.0.11:443 from interfaces inside, outside and other sites.

And source address must be nated with original destination address 10.97.0.11 to be redirected on 10.194.70.1.

Thanks

varrao · ‎09-24-2011

You can use just one single sattement for it as well:

object network natted_ip

host 10.97.0.11

object network real_ip

host 10.194.70.1

object network Natted_SourceIP

host 10.97.0.254

object service tcp_443

service tcp source eq 443

nat (inside,Interco) source dynamic any Natted_SourceIP destination static natted_ip real_ip service tcp_443 tcp_443

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

varrao · ‎09-16-2011

Hi,

I am not sure about your exact requirement, can you just write the requirements in from of each question???

Behind whihc interface is teh server connected??

Real ip of server??

Wat should be the natted ip of server???

should it be accessible from all other 3 interafces???

Thanks,

Varun

Thanks,
Varun Rao

lbellicaud · ‎09-16-2011

Hi Varun,

Server is on remote site and can be reached by the interface Interco.

Real ip: 10.194.70.1

Natted ip:10.97.0.11

It should be accessible from all other interfaces with Natted Address.

thanks

varrao · ‎09-16-2011

Hi,

You would need this nat statement:

object network natted_ip

host 10.97.0.11

object network real_ip

host 10.194.70.1

object service tcp_443

service tcp source eq 443

nat (Interco,any) source static real_ip natted_ip service tcp_443 tcp_443

Hope this helps,

Thanks,

Varun

Thanks,
Varun Rao

lbellicaud · ‎09-17-2011

Hi Varun,

it's not that simple, it is necessary that the real addresses access to the server are nated with the same address 10.97.0.11 on the interface Interco.

thanks

varrao · ‎09-17-2011

Hi,

I am sorry i didnt get your question correct, do yu want the source addresses that access the server to be natted to the same ip 10.97.0.11 as well???

Well if thats your query then it is not possible, you cannot nat the source and the destination to the same ip.

-Varun

Thanks,
Varun Rao

lbellicaud · ‎09-24-2011

Hi Varun,

excuse for the delay!!

Then, i can translate my source with another address for example: 10.97.0.254???

object network natted_ip

host 10.97.0.11

object network real_ip

host 10.194.70.1

object network Natted_SourceIP

host 10.97.0.254

object service tcp_443

service tcp source eq 443

nat (Interco,any) source static real_ip natted_ip service tcp_443 tcp_443

nat (inside,interco) source dynamic any Natted_SourceIP any

Laurent

varrao · ‎09-24-2011

You can use just one single sattement for it as well:

object network natted_ip

host 10.97.0.11

object network real_ip

host 10.194.70.1

object network Natted_SourceIP

host 10.97.0.254

object service tcp_443

service tcp source eq 443

nat (inside,Interco) source dynamic any Natted_SourceIP destination static natted_ip real_ip service tcp_443 tcp_443

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao