Whats the asa equivalent of this nat command?

millworxmillworx Member Posts: 290
So I have an ASA that I am creating a L2L VPN to a Cisco router.
My source IP is 192.168.1.1
I need to reach 172.30.1.1 on the other side but I must NAT my IP to 10.1.1.1
What would be the proper command?

In IOS the command would be:
ip nat outside source static 10.1.1.1 172.30.1.1

would the ASA command be?

object network obj-10.1.1.1
host 10.1.1.1
nat (outside,inside) static 172.30.1.1
Currently Reading:
CCIE: Network Security Principals and Practices
CCIE: Routing and Switching Exam Certification Guide

Comments

  • ScalesScales Member Posts: 95 ■■□□□□□□□□
    I believe that will nat host 10.1.1.1 to 172.30.1.1 when it goes from inside to outside regardless if its going through the VPN tunnel or not. I think you have mixed up the IP addresses as well...isn't 8/3 NAT fun?

    I believe you will want something like this

    nat (inside,outside) source static obj-192.168.1.1 obj-10.1.1.1 destination static obj-172.30.1.1 obj-172.30.1.1

    obviously you need to create the objects with the relevant IP addresses inside them.

    hopefully someone can verify :D
Sign In or Register to comment.