Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
355
Views
0
Helpful
1
Replies

Double NATting ASA 5510 8.4 how to ?

Toby Scholz
Level 1
Level 1

‎11-27-2014 09:05 AM - edited ‎03-07-2019 09:41 PM

Hi, I have a situation that creates a bit of a headache for me.
The task is to use SMB / NetBIOS (Win Server 2008 R2) to open a connection and transfer a file from host 2 to host 1. Sounds easy, I know.

Here's the setup:

 

Host 1: 192.168.10.34 (on 192.168.10.0/24): on our ASA

VPN-proxy network: 10.14.17.0/28: on our ASA

Host 2: 10.5.26.37 (on 10.5.26.0/24): 3rd party network, cannot touch this

 

192.168.10.0/24 has a route to 10.5.26.0/24 via 10.14.17.0/28. The ASA dynamically PATs this, so we can open an RDP connection from 192.168.10.0 no problem.

However, 10.5.26.0/24 has NO route to 192.168.10.0/24 (and 3rd party has refused to add one). In other words, I cannot initiate a connection from 10.5.26.37, because it doesn't know where to go.
What I could do of course is create a static route via a proxy address, say 192.168.10.34 = 10.14.17.10. This would allow me to make a connection from host 2 to host 1. However, doing that breaks initiating a connection from any host that is not host 1, since all return traffic would get sent to host 1.

Now my question is, can I configure the ASA such that only SMB/NetBIOS packets that originate from host2 get translated to host1, but all other traffic uses the existing NAT / PAT setup via the proxy network?

I've been trying to figure this out for several weeks now and have hit a wall.

Any help is greatly appreciated!
 

Labels:
0 Helpful
1 Reply 1

Support Support
Level 1
Level 1

‎11-28-2014 01:41 AM

Hello,

Could you look at Policy NAT or NAT Exemption?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card