Hello,
I need to configure the SRC and DST nat for The Active Directory domain needs to reach a DST nat to contact the external DNS
Src 10.168.138.10
DNS forwarder 172.21.2.130
SNAT 194.169.30.1
DNAT 8.8.8.8
This is my configuration.
The interface incoming is Transit_internet
The outgoing interface is Internet
access-list Transito_Internet_access_in extended permit tcp object-group H-10.168.138.10 object-group DNAT_172.21.2.130 object-group DNS log warnings
static (Transito_Internet,Internet) 194.169.30.1 10.168.138.10 netmask 255.255.255.255
static (Transito_Internet,Internet) 8.8.8.8 172.21.2.130 netmask 255.255.255.255
My goal is that real src 10.168.138.10 contact the DNAT on ASA 172.21.1.130 after that applies the source NAT with 194.169.30.1 to contact the external DNS
This config could be ok?
Thanks