• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 208
  • Last Modified:

NAT Clarification

I've searched around for the answer to this question, I may have found it but not have understood the answer. I've primarily worked with Linux based firewalls, with some PIX experience.
One Function that I was always able to easily do is what I refer to as a SNAT.
Example Source IP ( Destination IP(any) Service (RDP:3389) > Change Source to:(
This would force to use as it's external IP address only while using RDP:3389, all other traffic would use the default MASQ.
I dont want to port forward 3389 to, I want it to use as it's public IP when using the port 3389
Where all other traffic defaults outbound to

Is this even possible with a PIX / ASA ?
If so how?
1 Solution
Yes, you can...it is called policy NAT in the Cisco world.  Here's how:

access-list special_rdp permit tcp host any eq 3389
global (outside) 5
nat (inside) 5 access-list special_rdp


Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now