[c-nsp] Trouble in an ASA migration from CheckPoint

Marcelo Zilio ziliomarcelo at gmail.com
Sat May 9 09:15:24 EDT 2009


Hi Mike,

Thank you for your response.
This in not exactelly what I need as you can see in my previous reply.

Even though I think somehow this can be accomplished according to this doc:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml

Thanks and regards
Marcelo

2009/5/8 Michael K. Smith - Adhost <mksmith at adhost.com>

> Hello Marcelo:
>
> > I'm working in a migration of a CheckPoint Firewall to an ASA5520. I
> > freeze
> > on a situation that seems ASA cannot "reproduce" CheckPoint
> > configuration.
> > Follow the scenario:
> >
> > - IP Address X on the Internet access IP Address X1 in the Inside
> > network
> > through the X-NAT Address.
> > - IP Address Y on the Internet access IP Address Y1 in the Inside
> > network
> > through the same X-NAT Address.
> >
> > CheckPoint already does this, but I couldn't find a way to do the same
> > with
> > ASA.
> > I've tried with Policy NAT, but it seems it doesn't work well to
> static
> > translations.
> >
>
> If you mean the following it can't be done on the ASA.
>
> static (inside,outside) 1.2.3.4 192.168.1.1
> static (inside,outside) 5.6.7.8 192.168.1.1
>
> There is a 1:1 relationship with static NAT's.  You could do PAT if that
> suits.
>
> static (inside,outside) tcp 1.2.3.4 http 192.168.1.1 http
> static (inside,outside) tcp 5.6.7.8 smtp 192.168.1.1 smtp
>
> Regards,
>
> Mike
>


More information about the cisco-nsp mailing list