[c-nsp] Trouble in an ASA migration from CheckPoint
Michael K. Smith - Adhost
mksmith at adhost.com
Fri May 8 12:35:00 EDT 2009
Hello Marcelo:
> I'm working in a migration of a CheckPoint Firewall to an ASA5520. I
> freeze
> on a situation that seems ASA cannot "reproduce" CheckPoint
> configuration.
> Follow the scenario:
>
> - IP Address X on the Internet access IP Address X1 in the Inside
> network
> through the X-NAT Address.
> - IP Address Y on the Internet access IP Address Y1 in the Inside
> network
> through the same X-NAT Address.
>
> CheckPoint already does this, but I couldn't find a way to do the same
> with
> ASA.
> I've tried with Policy NAT, but it seems it doesn't work well to
static
> translations.
>
If you mean the following it can't be done on the ASA.
static (inside,outside) 1.2.3.4 192.168.1.1
static (inside,outside) 5.6.7.8 192.168.1.1
There is a 1:1 relationship with static NAT's. You could do PAT if that
suits.
static (inside,outside) tcp 1.2.3.4 http 192.168.1.1 http
static (inside,outside) tcp 5.6.7.8 smtp 192.168.1.1 smtp
Regards,
Mike
More information about the cisco-nsp
mailing list