Cisco ASA 5500 Static Destination NAT, Version 8.3+
This document explains the configuration for Destination NAT, which is required in some environments where the organization cannot use the destination IP inside the network.
In this configuration we will use IP addresses from three different subnets for the explanation.
Inside user: 192.168.0.10
Destination Server: 172.16.1.100
NAT IP: 10.1.1.100
The user Bob (192.168.0.10) wants to connect to a server outside the campus network with the IP 172.16.1.100, but he cannot connect because the subnet 172.16.x.x/24 is already in use inside the campus and the network administrator cannot advertise this server IP inside. For this reason the network administrator asks Bob to use the IP 10.1.1.100, which the Cisco ASA translates to the real IP address of the server (i.e. 172.16.1.100).
Configuration:
Create an object for the real server IP and NAT it to the IP that will be used inside to reach this server (Destination NAT).
object network SERVER-IP-172.16.1.100
 host 172.16.1.100
 nat (outside,inside) static 10.1.1.100
Create an object for the inside IP, NATed to the original server IP.
object network NATED-IP-10.1.1.100
 host 10.1.1.100
 nat (inside,outside) static 172.16.1.100
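Create an object for the original source IP if you also want to NAT the source IP. Choose static or dynamic NAT, and map to either the outside interface address or a specific IP.
object network USER-IP-192.168.0.10
 host 192.168.0.10
 nat (inside,outside) {static | dynamic} {interface | mapped-IP}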
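To check that the Destination NAT above behaves as intended, the following verification sequence can be run on the ASA. It is an added example, not part of the original configuration; the ACL name INSIDE-IN, TCP port 443 and source port 12345 are assumptions chosen for illustration.

```cisco
! --- Added verification example (not from the original page) ---
! Assumptions: ACL name INSIDE-IN, TCP/443 as the service, 12345 as the source port.

! 1. Confirm the object NAT rules were accepted and see their hit counters.
show running-config nat
show nat detail

! 2. From 8.3 onward, access lists match the REAL address, not the mapped one.
!    If an ACL is applied inbound on the inside interface, permit Bob to
!    172.16.1.100 (real), not to 10.1.1.100 (mapped), and only on the
!    service he actually needs.
access-list INSIDE-IN extended permit tcp host 192.168.0.10 host 172.16.1.100 eq 443

! 3. Simulate Bob's connection to the mapped address without sending traffic.
!    In the output, the UN-NAT phase should show the destination being
!    untranslated from 10.1.1.100 to 172.16.1.100, and the final result
!    should be "allow" with input interface inside and output interface outside.
packet-tracer input inside tcp 192.168.0.10 12345 10.1.1.100 443 detailed

! 4. After Bob generates real traffic, confirm the translation entry exists
!    and that the connection is built towards the real server address.
show xlate
show conn address 172.16.1.100
```

If packet-tracer reports a drop in the ACCESS-LIST phase, the usual cause is an ACL that still references the mapped address 10.1.1.100 instead of the real address.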