destination nat help

[intelwizrd]

Is it possible to redirect packets to a different address based on the source address?

I have an ASA5520

Basic layout:

outside (connects to edge router)
ip 10.10.1.2/30

inside (inside network for purposes of question)
ip 10.10.10.1/24

NAT is not currently in use.
Given all addresses are routable and serverA at ip 10.10.10.130, I want to redirect all traffic bound for serverA with a source of network object group FAddr to ip 10.10.10.131

Can this be done? If so, what would the nat statements look like?

 

[NJForensics]

static (inside,outside) <external IP> 10.10.10.130 255.255.255.255

Where you define the object group source would be in the ACL.

Namely ...

access-list <name of access list> permit <TCP / UDP> <object group> <destination> eq <port or range>



Chris Clancy, EnCE CCE

MCITP: Enterprise Messaging
MCITP: Server Administrator

" ... when you can't figure out what the problem is, find out what it isn't.... "

 

[intelwizrd]

say i wanted to send all traffic from 20.20.20.0/24 to .131 and all traffic from 30.30.30.0/24 to .130, would i still use this method? can <external IP> be an access-list?

 

[intelwizrd]

I may need to clarify this:

client at 20.20.20.0/24 types in

http://www.domain.com

and gets ip 10.10.10.130 from DNS. when the request hits the ASA, packets are sent to 10.10.10.131 instead of 10.10.10.130

client at 30.30.30.0/24 types in

http://www.domain.com

and gets ip 10.10.10.130 from DNS. requests go straight to 10.10.10.130

i have a network object group that contains 20.20.20.0/24. currently nat is not in use, IP on the server is the IP in DNS.