[c-nsp] Possible to make NAT decisions based on source address, on ASA?
Peter Rathlev
peter at rathlev.dk
Thu May 17 17:12:53 EDT 2012
On Thu, 2012-05-17 at 14:36 -0400, Andy Dills wrote:
> So, in essence, I want to consider source address when determining which
> server on the private network the traffic is NATed to.
>
> Is this possible?
No problem. Take a look at "Configuring Dynamic NAT or Dynamic PAT":
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_dynamic.html#wp1081940
This is for 8.2 and earlier with the "old" NAT configuration style. With
version 8.3 or later the commands are different.
Quick example:
! Policy NAT 20.0.0.0/24 towards 5.5.5.5
access-list PolicyNAT-example permit ip 20.0.0.0 255.255.255.0 host 5.5.5.5
nat (inside) 1 access-list PolicyNAT-example
global (outside) 1 10.0.0.100
! Regular NAT everything else
nat (inside) 2 0.0.0.0 0.0.0.0
global (outside) 2 10.0.0.200
!
--
Peter
More information about the cisco-nsp
mailing list