Source NAT - ASA
04-22-2019 08:47 AM - edited 02-21-2020 09:03 AM
Looking at the below (this could be any addressing, and assume all ACLs etc. are in place for the traffic flow):
interface Gi0/1
 nameif WAN
 security-level 100
 ip address 10.99.0.1 255.255.255.0
interface Gi0/1
 nameif DMZ
 security-level 50
 ip address 192.168.66.1 255.255.255.0
object network OBJ_VENDOR
 subnet 192.168.66.0 255.255.255.0
object network OBJ_HIDE
 host 10.44.0.1
nat (dmz,wan) source static OBJ_VENDOR OBJ_HIDE no-proxy-arp
If I have the above NAT, when matching traffic leaves this firewall, does it leave with a source address of OBJ_HIDE (10.44.0.1), or does it leave the firewall with the WAN interface IP (10.99.0.1)?
04-22-2019 09:40 AM
Assuming you have no other NAT rule with a higher priority which could potentially nat the traffic behind the wan interface, the traffic from the 192.168.66.0/24 network should be natted with 10.44.0.1.
HTH
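An added example, not part of the original posts and not Cisco code: a simplified Python model of the ASA 8.3+ NAT rule order the answer refers to (Section 1 manual rules in configuration order, then Section 2 object NAT, then Section 3 after-auto rules, first match wins). The DMZ host 192.168.66.25 and the competing interface-PAT rule are constructed for illustration; only the static rule and the addresses 10.44.0.1 and 10.99.0.1 come from the question.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class NatRule:
    section: int    # 1 = manual NAT, 2 = auto (object) NAT, 3 = manual after-auto
    kind: str       # "static" or "dynamic"
    real_if: str    # interface the real source sits behind
    mapped_if: str  # egress interface
    real: str       # real source network, CIDR
    mapped: str     # mapped host IP, or "interface" for PAT to the egress IP

def _priority(indexed):
    """Sort key: sections 1 and 3 keep configuration order; section 2 is
    ordered by the ASA itself (static first, then fewest real addresses)."""
    index, rule = indexed
    if rule.section == 2:
        net = ip_network(rule.real)
        return (2, rule.kind != "static", net.num_addresses, int(net.network_address))
    return (rule.section, index, 0, 0)

def translate_source(rules, in_if, out_if, src, egress_ip):
    """Return (source IP on the wire, matching rule or None); first match wins."""
    for _, rule in sorted(enumerate(rules), key=_priority):
        if (rule.real_if, rule.mapped_if) != (in_if, out_if):
            continue
        if ip_address(src) in ip_network(rule.real):
            return (egress_ip if rule.mapped == "interface" else rule.mapped), rule
    return src, None  # nothing matched: the source leaves untranslated

# The rule from the question: nat (dmz,wan) source static OBJ_VENDOR OBJ_HIDE
PAGE_RULE = NatRule(1, "static", "dmz", "wan", "192.168.66.0/24", "10.44.0.1")
WAN_IP = "10.99.0.1"      # WAN interface address from the question
HOST = "192.168.66.25"    # constructed DMZ host

def pat(section):
    """Constructed competing rule (not on the page): dynamic PAT to the WAN IP."""
    return NatRule(section, "dynamic", "dmz", "wan", "192.168.66.0/24", "interface")

def demo():
    run = lambda rules: translate_source(rules, "dmz", "wan", HOST, WAN_IP)[0]
    return {
        "page rule only": run([PAGE_RULE]),
        "PAT listed above it in section 1": run([pat(1), PAGE_RULE]),
        "PAT as object NAT (section 2)": run([pat(2), PAGE_RULE]),
        "PAT after-auto (section 3)": run([pat(3), PAGE_RULE]),
    }

if __name__ == "__main__":
    for case, source in demo().items():
        print(f"{case}: {source}")
```

Only the case where another matching rule sits above the static rule in Section 1 changes the outcome, which is the condition the answer attaches to its reply.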
