Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1249
Views
4
Helpful
2
Replies

Migrate iptables rules to asa5505

santiagohoyos
Level 1
Level 1

‎09-11-2013 04:43 PM - edited ‎03-07-2019 03:25 PM

Hi,

I have a custumer that they have a Linux firewall with iptables and like to migrate it to asa5505.

The problem is a no tipical Dnat that it running in prerouting.

This Dnat change the detination ip according the net from and port at the packages.

This packages come to server from a VPN in IpSEC, and the moment it arrive the firewall chage after it go in at routing tables.

I need to change the IP at prerouting momento becouse the original destinaiton IP is a IP in the firewall and we need that the package go to a server in a LAN.

I hope the next graphics explain any more :

                              VPN IpSec                                                                                 LAN

     VPN <-------------------------------------->FW Linux IP:192.168.5.20 <---------------------------------------> Server IP:192.168.10.20

Original Package                                   Change at FW                                       

192.168.5.20:1234                               192.168.5.20:1234 to 192.168.10.20:1234

The question is : Is it posible to replite it in a ASA5505 ? and the answer it yes can help me.

Best regrets,

Santiago Hoyos.

Labels:
0 Helpful
2 Replies 2

thomas.g.fan
Level 1
Level 1

‎09-11-2013 11:37 PM

From my understanding, the answer is yes.

suppose ASA interface connect to VPN is named outside and ASA interface connect to LAN is named inside, then NAT command for ASA would be like this:

object network vpn-client

host ip_address 192.168.5.20

object network lan-server

host ip_address 192.168.10.20

nat (inside,outside) source static lan-server vpn-client destination static any any

santiagohoyos
Level 1
Level 1
In response to thomas.g.fan

‎09-12-2013 04:09 AM

Hi, ok, now the real problem it we have 2 vpns with diferent networks, IP and server.

In this case how to setup the inside and outside interzas ? it's a no easy configuration that i found in a linux firewall

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card