Resolving ASA 8.4 NAT mystery

ASA_8_4_NAT_Topology

Static NAT/PAT:

object network dynamic-nat-ip
 host 12.12.12.16 

object network R3
 host 13.13.13.13
 nat (dmz,outside) static dynamic-nat-ip service tcp telnet ftp

For traffic from dmz to outside this rule says that when 13.13.13.13 is trying to go to outside with source port as 23 then change the source ip to 12.12.12.16 and source port as 21. Check the below diagram:

dynamic nat dmz to out

For traffic from outside to dmz this rule says that when someoneĀ  is trying to go to 12.12.12.16 with destination port as 21 change the destination to 13.13.13.13 and destination port as 23. Check the below diagram

dynamic nat out to dmz

 

Advertisements
This entry was posted in ASA. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s