
Source and destination NAT

bapatsubodh
Beginner

Hi,

We need to change the source and destination address of a packet in a single travel.

For example:

F/w : outside : 10.1.1.1/24 (subnet)

F/w : inside : 192.168.1.1/24 (subnet)

Requirement is:

If a packet with source IP 192.100.100.1 and destination IP 10.1.1.50 arrives on the firewall outside interface, can we static-NAT both its source and destination IP and send the packet towards the inside interface?

So this packet's source will be 192.168.1.50 (same as the inside subnet) and the target will be 172.30.1.1. This packet will exit the inside interface.

Original packet (arrived on outside i/f) ----> static rules applied ----> Translated packet

Source IP: 192.100.100.1 ----> Source IP: 192.168.1.50 (same as inside subnet)

Dest IP: 10.1.1.50 (same as outside subnet) ----> Destination: 172.168.1.1

When the packet returns (it arrives on the inside interface):

Returning packet (arrives on inside interface) ----> static NAT ----> Translated and exits towards outside

Source IP: 172.30.1.1 ----> Source: 10.1.1.50

Destination: 192.168.1.50 ----> Destination: 192.100.100.1

If we configure the corresponding static NAT rules, will it work or will it give an error? The corresponding permit access list and routing are in place.

Please share your experience.

Thanks

Subodh

5 REPLIES 5

Namit Agarwal
Cisco Employee

Hi Subodh,

What is the code you are running on the ASA?

Thanks,

Namit

Pre-8.3 NAT:

static (inside,outside) 10.1.1.50 172.30.1.1
static (outside,inside) 192.168.1.50 192.100.100.1

8.3 NAT:

object network outside_real
 host 192.100.100.1
object network inside_real
 host 172.30.1.1
object network inside_mapped
 host 10.1.1.50
object network outside_mapped
 host 192.168.1.50
nat (inside,outside) source static inside_real inside_mapped destination static outside_mapped outside_real

Refer to this link: https://supportforums.cisco.com/docs/DOC-9129

-KS
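
As an added illustration (not part of the original replies and not ASA code), here is a simplified Python model of the two configurations above, applied to the thread's addresses. It ignores access lists, routing and NAT rule ordering; the function names and the 198.51.100.7 host are assumptions made for the example. It goes slightly beyond the question by showing that the single 8.3 rule only matches this one address pair, while the pre-8.3 statics translate each address independently.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    dst: str

# Addresses from the thread (real vs. mapped, as in the object names above).
INSIDE_REAL, INSIDE_MAPPED = "172.30.1.1", "10.1.1.50"
OUTSIDE_REAL, OUTSIDE_MAPPED = "192.100.100.1", "192.168.1.50"

def twice_nat(pkt: Packet, ingress: str) -> Packet:
    """Model of the single 8.3 rule: source AND destination must both match."""
    if ingress == "outside" and pkt == Packet(OUTSIDE_REAL, INSIDE_MAPPED):
        return Packet(OUTSIDE_MAPPED, INSIDE_REAL)
    if ingress == "inside" and pkt == Packet(INSIDE_REAL, OUTSIDE_MAPPED):
        return Packet(INSIDE_MAPPED, OUTSIDE_REAL)
    return pkt  # rule does not match; this model leaves the packet untranslated

def pre83_statics(pkt: Packet, ingress: str) -> Packet:
    """Model of the two pre-8.3 statics: each address is translated on its own."""
    if ingress == "outside":
        src = OUTSIDE_MAPPED if pkt.src == OUTSIDE_REAL else pkt.src
        dst = INSIDE_REAL if pkt.dst == INSIDE_MAPPED else pkt.dst
    else:
        src = INSIDE_MAPPED if pkt.src == INSIDE_REAL else pkt.src
        dst = OUTSIDE_REAL if pkt.dst == OUTSIDE_MAPPED else pkt.dst
    return Packet(src, dst)

if __name__ == "__main__":
    request = Packet("192.100.100.1", "10.1.1.50")   # arrives on outside
    reply = Packet("172.30.1.1", "192.168.1.50")     # arrives on inside
    other = Packet("198.51.100.7", "10.1.1.50")      # constructed: unrelated outside host
    for name, model in (("8.3 twice NAT", twice_nat), ("pre-8.3 statics", pre83_statics)):
        print(name)
        print("  request:", request, "->", model(request, "outside"))
        print("  reply:  ", reply, "->", model(reply, "inside"))
        print("  other:  ", other, "->", model(other, "outside"))
```

With the pre-8.3 statics, a packet from the unrelated host to 10.1.1.50 still has its destination translated to 172.30.1.1, so the access list on the outside interface is what limits who can reach the inside host.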

Maykol Rojas
Cisco Employee

Hello

Yup, it has been tested. At least in my experience, with NAT prior to 8.3 it works fine, as Sankar is explaining. Of course, this will need to be done with static NAT.

If you have any kind of error messages or something is not working, please feel free to post your questions.

Cheers

Mike.


Thanks Guys for info. I need to put these on the actual firewall and see if it works as expected.

Changing the source and destination IP address of the same packet in a single (entry and exit).

Hello,

Sounds great, just let us know if you run into any problems.

Mike.
