Solved: Destination NAT from Outside interface (VPN)

rcavezzale · ‎05-18-2018

Hi Guys

I would like to configure the firewall to make a destination NAT of the traffic coming from a specific VPN.

In detail the source 10.0.0.1 when contacting 10.0.1.1 the firewall change destination address from 10.0.1.1 to 192.168.1.1

Could you help?

Thanks in advances

Hi Guys I would like to configure the firewall to make a destination NAT of the traffic coming from a specific VPN. In detail the source 10.0.0.1 when contacting 10.0.1.1 the firewall change destination address from 10.0.1.1 to 192.168.1.1 Could you help? Thanks in advances

rcavezzale · ‎05-28-2018

Unfortunately the solution is wrong.

Below the correct configuration:

object network SOURCE

network-object host 10.0.0.1

object network OUTSIDE_NAT

network-object host 192.168.1.1

object network DESTINATION

network-object host 10.0.1.1

! cambiato nat

nat (OUTSIDE,OFFICE) source static 10.0.0.1 10.0.0.1 destination static 192.168.1.1 10.0.1.1

View solution in original post

Rob Ingram · ‎05-18-2018

Hi,

This should work:

object network SOURCE
host 10.0.0.1
object network DESTINATION
host 10.0.1.1
object network OUTSIDE_NAT
host 192.168.1.1

nat (INSIDE,OUTSIDE) source static SOURCE OUTSIDE_NAT destination static DESTINATION DESTINATION

Obviously the destination network (10.0.1.1) will need to know how to route to the natted address 192.168.1.1 to send the return traffic, so you should make sure the routing is in place.

HTH

rcavezzale · ‎05-18-2018

Thanks very much, i try to make it on my lab.
In few days i report feedback

rcavezzale · ‎05-28-2018