Velocity Reviews - Computer Hardware Reviews


ASA - NAT based on destination address

 
 
tomasek
11-29-2007
Hi,

How to configure source address NAT based on destination address in Cisco ASA 5510?

Source host address 192.168.11.1 accessing 10.1.1.0 255.255.255.0 network (192.168.11.1 to be translated to 172.16.1.1)

Source host address 192.168.11.1 accessing all networks except 10.1.1.0 255.255.255.0 (192.168.11.1 to be translated to 60.60.60.60)


This is what I tried to configure.

access-list privataccess extended permit ip host 192.168.11.1 10.1.1.0 255.255.255.0

access-list publicaccess extended deny ip host 192.168.11.1 10.1.1.0 255.255.255.0
access-list publicaccess extended permit ip host 192.168.11.1 any

nat (inside) 1 access-list privataccess outside
nat (inside) 2 access-list publicaccess outside
global (outside) 2 60.60.60.60 netmask 255.255.255.255
global (outside) 1 ISR_WebProdNat netmask 255.255.255.255
static (inside,outside) 60.60.60.60 access-list publicaccess
static (inside,outside) 172.16.1.1 access-list privataccess


But I get a message "Deny rules not supported in Policy Nat" and "access-list has deny statements". What am I doing wrong?

Thanks for your help

Tomas.
 

Last edited by tomasek; 11-30-2007 at 06:48 AM..
 
 
 
 
Greeley
12-16-2007
Take out this ACL:

access-list publicaccess extended deny ip host 192.168.11.1 10.1.1.0 255.255.255.0

As long as the privateaccess ACL comes first, when the source and destination are matched it will automagically go there; all else is denied. When the next NAT translation is hit and goes to the privateaccess ACL, then the remaining source to any host will be processed.

Hope this helps,

--G
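
The first-match behaviour described in the reply above, as an added example that is not part of the thread and not Cisco code: a simplified Python model that parses the thread's two permit-only ACLs and `static` policy NAT lines and picks the mapped address in configuration order. The function names are hypothetical, the `nat`/`global` lines are left out, and the rejection of deny entries imitates the error message quoted in the question.

```python
import ipaddress

# ACL and static lines from the thread, with the deny entry removed as advised.
CONFIG = """\
access-list privataccess extended permit ip host 192.168.11.1 10.1.1.0 255.255.255.0
access-list publicaccess extended permit ip host 192.168.11.1 any
static (inside,outside) 172.16.1.1 access-list privataccess
static (inside,outside) 60.60.60.60 access-list publicaccess
"""

def parse_addr(tok):
    """Consume one 'host A' | 'any' | 'NET MASK' spec; return (network, rest)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def load(config):
    """Return ordered policy NAT rules: [(mapped_ip, [(src_net, dst_net), ...])]."""
    acls, rules = {}, []
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "access-list":
            name, action = t[1], t[3]
            if action != "permit":  # imitates "Deny rules not supported in Policy Nat"
                raise ValueError(f"{name}: deny entries not allowed in policy NAT")
            src, rest = parse_addr(t[5:])
            dst, _ = parse_addr(rest)
            acls.setdefault(name, []).append((src, dst))
        elif t[0] == "static":
            rules.append((t[2], acls[t[4]]))
    return rules

def translate(rules, src, dst):
    """First matching rule in configuration order wins; None means untranslated."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for mapped, entries in rules:
        if any(s in sn and d in dn for sn, dn in entries):
            return mapped
    return None
```

Reversing the rule order makes the `any` rule shadow the 10.1.1.0 rule, which is why the more specific ACL has to come first.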
 