cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1400
Views
4
Helpful
2
Replies

Migrate iptables rules to asa5505

santiagohoyos
Level 1
Level 1

Hi,

I have a custumer that they have a Linux firewall with iptables and like to migrate it to asa5505.

The problem is a no tipical Dnat that it running in prerouting.

This Dnat change the detination ip according the net from and port at the packages.

This packages come to server from a VPN in IpSEC, and the moment it arrive the firewall chage after it go in at routing tables.

I need to change the IP at prerouting momento becouse the original destinaiton IP is a IP in the firewall and we need that the package go to a server in a LAN.

I hope the next graphics explain any more :

                              VPN IpSec                                                                                 LAN

     VPN <-------------------------------------->FW Linux IP:192.168.5.20 <---------------------------------------> Server IP:192.168.10.20

Original Package                                   Change at FW                                       

192.168.5.20:1234                               192.168.5.20:1234 to 192.168.10.20:1234

The question is : Is it posible to replite it in a ASA5505 ? and the answer it yes can help me.

Best regrets,

Santiago Hoyos.

2 Replies 2

thomas.g.fan
Level 1
Level 1

From my understanding, the answer is yes.

suppose ASA interface connect to VPN is named outside and ASA interface connect to LAN is named inside, then NAT command for ASA would be like this:

object network vpn-client

host ip_address 192.168.5.20

object network lan-server

host ip_address 192.168.10.20

nat (inside,outside) source static lan-server vpn-client destination static any any

Hi, ok, now the real problem it we have 2 vpns with diferent networks, IP and server.

In this case how to setup the inside and outside interzas ? it's a no easy configuration that i found in a linux firewall

Review Cisco Networking for a $25 gift card