ASA - Many to Many NAT

Mokhalil82
Level 4

Hi

Security is not my best topic so I have a slight Natting dilemma.

We are allowing 2 supplier external IPs (group External_Suppliers) access to our internal domain controller (10.10.10.1) on port 636 (ldaps). 10.10.10.1 is natting to 27.2.2.25. So we have a NAT for this, as below:

nat (inside,outside) source static 10.10.10.1 27.2.2.25 destination static External_Suppliers External_Suppliers

Now we have another domain controller (10.10.10.2) that we want the supplier to have access to on the same port (636 ldaps). Can I just create an object (Domain_Controllers) to group the domain controller IPs and add them to the NAT like this:

nat (inside,outside) source static Domain_Controllers 27.2.2.25 destination static External_Suppliers External_Suppliers

Consider that the necessary access rules are already in place. Will the above work, as the destination port for both is ldaps, or will I need to NAT to another external IP from my available ranges?

Thanks

1 Reply

Reza Sharifi
Hall of Fame

Hi,

That should work. There is an example in this doc using the range of IPs.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/nat_objects.html

HTH
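
An added example, not part of the thread or of the linked Cisco document: a one-to-one layout that gives each domain controller its own mapped address, followed by the checks that show which real address an inbound LDAPS connection is untranslated to. The object names DC1, DC2, DC1_PUB and DC2_PUB, the ACL name outside_in, and the `<second-public-ip>` and `<supplier-ip>` placeholders are assumptions; the ASA NAT guide notes that when a static rule has more real addresses than mapped addresses, only the lowest real address can receive connections initiated from outside.

```cisco
! Added example. Object names, the ACL name and <...> placeholders are assumptions.
object network DC1
 host 10.10.10.1
object network DC2
 host 10.10.10.2
object network DC1_PUB
 host 27.2.2.25
object network DC2_PUB
 host <second-public-ip>
!
! One static rule per domain controller, matched only for the supplier group
nat (inside,outside) source static DC1 DC1_PUB destination static External_Suppliers External_Suppliers
nat (inside,outside) source static DC2 DC2_PUB destination static External_Suppliers External_Suppliers
!
! Permit only LDAPS from the suppliers (8.3+ ACLs reference the real addresses)
access-list outside_in extended permit tcp object-group External_Suppliers object DC1 eq ldaps
access-list outside_in extended permit tcp object-group External_Suppliers object DC2 eq ldaps
!
! Verify: the UN-NAT phase of each trace shows the real address that was selected
packet-tracer input outside tcp <supplier-ip> 40000 27.2.2.25 636
packet-tracer input outside tcp <supplier-ip> 40000 <second-public-ip> 636
!
! Confirm rule order, hit counts and the active translations
show nat detail
show xlate
```

The same `packet-tracer` check run against the grouped `Domain_Controllers` rule from the question shows which of the two controllers an inbound connection to 27.2.2.25 reaches.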
