Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3249
Views
20
Helpful
5
Replies

Static NAT Both Directions ASA 9.8

Go to solution
jtapia0011
Level 1
Level 1

‎07-09-2020 04:38 PM

Hello friens I hope  you are good.

 

 

People  I need to make a static Nat for both flow direction inside a VPN  Site to site.

 

 

This  is the  configuration

 

nat (interface inside - interface outside) 1 source static A.A.A.A B.B.B.B destination static Z.Z.Z.Z Z.Z.Z.Z. route-lookup

 

As you can see source translate and destination are same thats is ok, but what  what happend  if the destination Z.Z.Z.Z is who want  to open the conection to my side, that nat ¿Does it work anyway? I mean Z.Z.Z.Z ---->  B.B.B.B A.A.A.A  ¿?

 

----------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Apart from this a quick question, when you do a nat with position rule, if there are already several rules

1
2
3
and I create a new one with a number 1 on it that replaces the old number 1 or just lowers it or moves the old number 1 a little lower

 

 

thanks  a lot

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
HaroldCalderon
Level 1
Level 1

‎07-18-2020 02:01 PM

Just change the interface, put them in a reverse way

 

 

inside,outside

 

now

 

outside, inside ( here reverse addess too)

 

outside inside destination destination original source nat source 

 

thats it

View solution in original post

5 Replies 5

Go to solution
HaroldCalderon
Level 1
Level 1

‎07-10-2020 06:50 AM

¿someone has had this scenario?

Go to solution
Marius Gunnerud
VIP
VIP

‎07-10-2020 12:31 PM

Yes, this configuration will work in both directions given that this is a single IP and that the remote site accesses the device using the B.B.B.B IP.  If this were a dynamic NAT (i.e. you are NATing a whole subnet to a public IP over the VPN) you would need to add a seperate static NAT for the device you want to grant access to.

 

Apart from this a quick question, when you do a nat with position rule, if there are already several rules

1
2
3
and I create a new one with a number 1 on it that replaces the old number 1 or just lowers it or moves the old number 1 a little lower

If you insert a NAT into position 1, then the other existing rules will be renumbered.  For example, existing rule 1 will become rule 2, existing rule 2 will become rule 3, etc.

--
Please remember to select a correct answer and rate helpful posts

Go to solution
HaroldCalderon
Level 1
Level 1
In response to Marius Gunnerud

‎07-17-2020 10:24 AM

thanks the order nat working but, the nat reverse no,

 

This is because  I need the  destination be nated to other Ip isside my lan , so  may be  I have to do the nat inside an object network like

 

 

Object netowork  name

a.a.a.a

(inside,outside) c.c.c.c

Go to solution
HaroldCalderon
Level 1
Level 1

‎07-18-2020 02:01 PM

Just change the interface, put them in a reverse way

 

 

inside,outside

 

now

 

outside, inside ( here reverse addess too)

 

outside inside destination destination original source nat source 

 

thats it

Go to solution
jtapia0011
Level 1
Level 1
In response to HaroldCalderon

‎07-20-2020 07:39 AM

This works... 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card