Velocity Reviews - Computer Hardware Reviews

ASA - NAT based on destination address

tomasek
Junior Member
Join Date: Nov 2007
Posts: 2

How to configure source address NAT based on destination address in Cisco ASA 5510?

source host address accessing network ( to be translated to

source host address accessing all networks except ( to be translated to

This is what I tried to configure.

access-list privataccess extended permit ip host

access-list publicaccess extended deny ip host
access-list publicaccess extended permit ip host any

nat (inside) 1 access-list privataccess outside
nat (inside) 2 access-list publicaccess outside
global (outside) 2 netmask
global (outside) 1 ISR_WebProdNat netmask
static (inside,outside) access-list publicaccess
static (inside,outside) access-list privataccess

but I get a message "Deny rules not supported in Policy Nat" and "access-list has deny statements". What am I doing wrong?

Thanks for your help


Last edited by tomasek; 11-30-2007 at 06:48 AM..
Greeley
Join Date: Dec 2007
Posts: 67
Take out this ACL:

access-list publicaccess extended deny ip host

As long as the privateaccess ACL comes first, when the source and destination are matched it will automagically go there; all else is denied. When the next NAT translation is hit and goes to the privateaccess ACL, then the remaining source to any host will be processed.

Hope this helps,
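
A small configuration audit for the "Deny rules not supported in Policy Nat" error quoted in the question, as an added example that is not part of either post: it lists the ACLs referenced by nat/static statements in configuration order and flags any deny entries in them. The addresses are constructed documentation-range values (the thread's own are missing from the page), and the function names are hypothetical.

```python
import re

# Constructed sample: RFC 5737 documentation addresses, not the poster's values.
SAMPLE_CONFIG = """\
access-list privataccess extended permit ip host 192.0.2.10 198.51.100.0 255.255.255.0
access-list publicaccess extended deny ip host 192.0.2.10 198.51.100.0 255.255.255.0
access-list publicaccess extended permit ip host 192.0.2.10 any
nat (inside) 1 access-list privataccess
nat (inside) 2 access-list publicaccess
global (outside) 1 203.0.113.10 netmask 255.255.255.255
global (outside) 2 203.0.113.20 netmask 255.255.255.255
"""

ACE_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?(permit|deny)\b")
# Matches "nat (...) <id> access-list <name>" and "static (...) ... access-list <name>".
NAT_RE = re.compile(r"^(nat|static)\s+\([^)]*\)\s.*?\baccess-list\s+(\S+)")


def audit_policy_nat(config):
    """Return (ACL names in nat/static reference order, deny ACEs found in them)."""
    aces = []        # (acl_name, action, line_number, text)
    acl_order = []   # policy NAT ACLs, in the order the config references them
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = ACE_RE.match(line)
        if m:
            aces.append((m.group(1), m.group(2), lineno, line))
            continue
        m = NAT_RE.match(line)
        if m and m.group(2) not in acl_order:
            acl_order.append(m.group(2))
    findings = [(name, n, text) for name, action, n, text in aces
                if action == "deny" and name in acl_order]
    return acl_order, findings


def strip_denies(config):
    """Drop the flagged deny ACEs, the change the reply above recommends."""
    flagged = {n for _, n, _ in audit_policy_nat(config)[1]}
    lines = config.splitlines()
    return "\n".join(l for i, l in enumerate(lines, 1) if i not in flagged) + "\n"


if __name__ == "__main__":
    for name, n, text in audit_policy_nat(SAMPLE_CONFIG)[1]:
        print(f"line {n}: deny ACE in policy NAT ACL {name}: {text}")
```

Deny entries in ACLs that no nat or static statement references are left alone, since the error in the question applies only to ACLs used for policy NAT.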
