[c-nsp] Possible to make NAT decisions based on source address, on ASA?

Peter Rathlev peter at rathlev.dk
Thu May 17 17:12:53 EDT 2012


On Thu, 2012-05-17 at 14:36 -0400, Andy Dills wrote:
> So, in essence, I want to consider source address when determining which 
> server on the private network the traffic is NATed to.
> 
> Is this possible?

No problem. Take a look at "Configuring Dynamic NAT or Dynamic PAT":

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_dynamic.html#wp1081940

This is for 8.2 and earlier with the "old" NAT configuration style. With
version 8.3 or later the commands are different.

Quick example:

! Policy NAT 20.0.0.0/24 towards 5.5.5.5
access-list PolicyNAT-example permit ip 20.0.0.0 255.255.255.0 host 5.5.5.5
nat (inside) 1 access-list PolicyNAT-example
global (outside) 1 10.0.0.100
! Regular NAT everything else
nat (inside) 2 0.0.0.0 0.0.0.0
global (outside) 2 10.0.0.200
!

-- 
Peter
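
[Added example, not part of Peter's message or of Cisco's documentation: the same two rules written in the object-based NAT syntax of ASA 8.3 and later, which the message notes is different. The object names are hypothetical; the addresses are the ones from the quick example above.]

```cisco
! Added example for ASA 8.3 and later. Object names are hypothetical.
! Real source network and the destination that selects the policy rule
object network INSIDE-20
 subnet 20.0.0.0 255.255.255.0
object network DST-5.5.5.5
 host 5.5.5.5
! Mapped (PAT) addresses on the outside
object network PAT-100
 host 10.0.0.100
object network PAT-200
 host 10.0.0.200
!
! Policy NAT (twice NAT, section 1): 20.0.0.0/24 towards 5.5.5.5 is
! translated to 10.0.0.100; the destination is matched but left unchanged.
nat (inside,outside) source dynamic INSIDE-20 PAT-100 destination static DST-5.5.5.5 DST-5.5.5.5
!
! Regular NAT for everything else (section 3, evaluated after the rule above)
nat (inside,outside) after-auto source dynamic any PAT-200
!
! Checks from exec mode:
!   show nat detail
!   packet-tracer input inside tcp 20.0.0.10 1025 5.5.5.5 80
```

The packet-tracer source host and ports are constructed sample values; its NAT phase shows which rule a given flow matches, which confirms the policy rule is hit before the catch-all.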



