• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 548
  • Last Modified:

policy and static NAT

Experts,

NAT on an ASA 8.2.5 code.

I have a policy based NAT below that translates 50.50.50.13 to appear as 10.20.20.20 when it initiates traffic to 10.10.10.10

access-list nat123 extended permit ip host 50.50.50.13 host 10.10.10.10
nat (dmz) 1005 access-list nat123
global (inside) 1005 10.20.20.20

I have the below static NAT that translates the destination of 10.20.20.20 to 50.50.50.13 when traffic is received on the inside interface.

static (dmz,inside) 10.20.20.20 50.50.50.13 netmask 255.255.255.255

My question, is there a way I can accomplish both with just 1 STATIC NAT? Can I add something to the end of the static NAT to make it apply the other way (when 50.50.50.13 initiates the traffic)?  Or would both be needed to do the source and destination NAT. Assume that I can't route 50.50.50.13 in my internal network and that's why I am doing this.
0
trojan81
Asked:
trojan81
  • 2
1 Solution
 
trojan81Author Commented:
anyone?
0
 
fgasimzadeCommented:
Take a look here, this is called Twice NAT, the one you are looking for

http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/nat_rules.html#wp1132640
0
 
fgasimzadeCommented:
By the way, your static NAT works both ways by default

static (dmz,inside) 10.20.20.20 50.50.50.13 netmask 255.255.255.255

You just need a policy static NAT


access-list nat123 extended permit ip host 50.50.50.13 host 10.10.10.10
static (inside,dmz) 10.20.20.20 access-list nat123

This one will work both ways with your policy (traffic from 50.50.50.13 to 10.10.10.10)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now