Cisco ASA Dynamic NAT with DMZ

Hi Zaman,

Here’s how it works:

ASA1(config)# object network SERVER
ASA1(config-network-object)# host 192.168.1.1
ASA1(config-network-object)# nat (INSIDE,OUTSIDE) static 192.168.2.200

This basically does two things:

  • When a packet enters the INSIDE and exits the OUTSIDE, and the source IP address is 192.168.1.1, then we translate the source address to 192.168.2.200.
  • When a packet enters the OUTSIDE and exits the INSIDE, and the destination IP address is 192.168.2.200, then we translate the destination address to 192.168.1.1.

We use this so a server on the INSIDE is reachable from the OUTSIDE. We also use NAT (INSIDE,OUTSIDE) so that multiple hosts can access the Internet through a single public IP address.

Now let’s look at another example:

ASA1(config)# object network DNS_SERVER
ASA1(config-network-object)# host 8.8.8.8
ASA1(config-network-object)# nat (OUTSIDE,INSIDE) static 192.168.1.8

Here’s what it means:

  • When a packet enters the OUTSIDE and exits the INSIDE, and the source IP address is 8.8.8.8, then we translate the source address to 192.168.1.8.
  • When a packet enters the INSIDE and exits the OUTSIDE, and the destination IP address is 192.168.1.8, then we translate the destination address to 8.8.8.8.

This can be useful if you want hosts to be able to reach some external server using an internal IP address. When an internal host tries to reach 192.168.1.8, it will be translated to 8.8.8.8 (Google DNS).

Hope this helps!

Rene
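Added here as an illustration, not part of Rene's post: a small Python model of the two static NAT objects above, applying each rule in both directions exactly as the bullet points describe (real-to-mapped on the source when traffic flows real interface to mapped interface, mapped-to-real on the destination the other way). The StaticNat/Packet names, the assumption that the ingress and egress interfaces are already known, and the sample address 203.0.113.5 are constructed for this example.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class StaticNat:
    """One 'object network X' + 'nat (real_if,mapped_if) static mapped_ip' entry."""
    real_if: str
    mapped_if: str
    real_ip: str     # the 'host' address inside the object
    mapped_ip: str   # the address given on the 'nat ... static' line


@dataclass(frozen=True)
class Packet:
    ingress: str   # interface the packet arrived on (assumed already determined)
    egress: str    # interface the packet will leave on (assumed already determined)
    src: str
    dst: str


# The two objects from the post, in the order they appear.
RULES = [
    StaticNat("INSIDE", "OUTSIDE", "192.168.1.1", "192.168.2.200"),  # object network SERVER
    StaticNat("OUTSIDE", "INSIDE", "8.8.8.8", "192.168.1.8"),        # object network DNS_SERVER
]


def translate(pkt: Packet, rules=RULES) -> Packet:
    """Return the packet as it leaves the egress interface.

    Forward: packet enters the real interface, exits the mapped interface, and the
    SOURCE equals the real address -> rewrite the source to the mapped address.
    Reverse: packet enters the mapped interface, exits the real interface, and the
    DESTINATION equals the mapped address -> rewrite the destination to the real address.
    The first matching rule wins; a packet matching no rule passes through unchanged.
    """
    for r in rules:
        if (pkt.ingress, pkt.egress, pkt.src) == (r.real_if, r.mapped_if, r.real_ip):
            return replace(pkt, src=r.mapped_ip)
        if (pkt.ingress, pkt.egress, pkt.dst) == (r.mapped_if, r.real_if, r.mapped_ip):
            return replace(pkt, dst=r.real_ip)
    return pkt
```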