ASA Destination Nat question

[desperado618]

I need to perform a Destination Nat from only 1 source.
For example, when coming from 192.168.2.1 going to 172.16.54.1, I would like the destination natted to 10.51.1.5. I know how to perform a destination nat for ALL sources but cannot seem to make this work from only 1 or limited sources.
Please advise.

Thanks

http://netl33ts.blogspot.com/

 

[North323]

this may help:

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1042810

 

[desperado618]

Thanks for the link.
This seems to be the exact same syntax as a source nat. I dont think I see the difference.
I have provided the CIsco example below (modified to to contain all hosts for simplicity).

access-list NET1 permit ip 10.1.2.1 209.165.201.1
status (inside, outside) 209.165.202.128 access-list NET1

If the above example will perform a destination nat whenever the source is 10.1.2.1 going to 209.165.201.1, how would I modify this to perform a source nat whenever coming from 10.1.2.1 going to 209.165.201.1 (src translated to 209.165.202.128).

http://netl33ts.blogspot.com/

 

[felix001]

The example you have given is correct ,

access-list NET1 permit ip 10.1.2.1 209.165.201.1
static (inside, outside) 209.165.202.128 access-list NET1

The static will provide the source and destination NAT for your host 10.1.2.1. A Static NATs is defined as a 2 way NAT for a single host.

Due to the source and destination on the access-list this static will only apply for traffic originating from host 10.1.2.1 destined for 209.165.201.1.

Let me know if theres anything which is still unclear.

http://www.fir3net.com