1.6 ASA Network Address Translation

Hi Cristian,

Could I configure task 1.6 with the following commands?

 

nat (INSIDE,VLAN75) source static R5_LOOPBACK R5_LOOPBACK destination static SW5_LOOPBACK SW5_LOOPBACK

nat (INSIDE,VLAN74) source static VLAN21 interface unidirectional

nat (INSIDE,VLAN75) source static VLAN21 interface unidirectional

nat (INSIDE,VLAN75) source static VLAN22 interface unidirectional

nat (INSIDE,VLAN75) source static R5_LOOPBACK interface unidirectional


To me is the same as doing using the dynamic nat

 

Kind regards,

Jose Antonio

Comments

  • Hi,

         Using static NAT with unidirectional keyword is NOT the same as doing regular dynamic NAT. Both static and dynamic NAT create both simple and extended translations, which allows traffic to be initiated both ways. Per the task requirements, you need to do PAT, which creates only the extended translation entry, which is the same result as static NAT with unidirectional keyword. Your solution is technically accurate, although the use case for it would be different.

    Regards,

    Cristian.

Sign In or Register to comment.