Then you should use an access-list for interesting traffic to match on those specific conditions. This is static policy nat. See the ASA 8.0 config guide:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cfgnat.html#wp1042553 static (inside,outside) 80.1.1.1 access-list CONDITION1 static (inside,outside) 80.1.1.1 access-list CONDITION2 access-list CONDITION1 permit ip host 10.1.1.1 host 200.1.1.1 access-list CONDITION2 permit ip host 10.1.1.2 host 190.1.1.1 On Sat, May 9, 2009 at 9:15 AM, Marcelo Zilio <ziliomarc...@gmail.com>wrote: > Hi Mike, > > Thank you for your response. > This in not exactelly what I need as you can see in my previous reply. > > Even though I think somehow this can be accomplished according to this doc: > > http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml > > Thanks and regards > Marcelo > > 2009/5/8 Michael K. Smith - Adhost <mksm...@adhost.com> > > > Hello Marcelo: > > > > > I'm working in a migration of a CheckPoint Firewall to an ASA5520. I > > > freeze > > > on a situation that seems ASA cannot "reproduce" CheckPoint > > > configuration. > > > Follow the scenario: > > > > > > - IP Address X on the Internet access IP Address X1 in the Inside > > > network > > > through the X-NAT Address. > > > - IP Address Y on the Internet access IP Address Y1 in the Inside > > > network > > > through the same X-NAT Address. > > > > > > CheckPoint already does this, but I couldn't find a way to do the same > > > with > > > ASA. > > > I've tried with Policy NAT, but it seems it doesn't work well to > > static > > > translations. > > > > > > > If you mean the following it can't be done on the ASA. > > > > static (inside,outside) 1.2.3.4 192.168.1.1 > > static (inside,outside) 5.6.7.8 192.168.1.1 > > > > There is a 1:1 relationship with static NAT's. You could do PAT if that > > suits. > > > > static (inside,outside) tcp 1.2.3.4 http 192.168.1.1 http > > static (inside,outside) tcp 5.6.7.8 smtp 192.168.1.1 smtp > > > > Regards, > > > > Mike > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/