Since the version 8.3 Cisco ASA supports the unidirectional NAT. With the Unidirectional NAT you are able to determine the initialization direction which is already permitted to starts the connection.
The unidirectional NAT can be a part of your security policy to make sure that unsafe networks can’t access to your internal network.
I did crate a scenario which you can see the utilization and the usability for this opportunity.
My internal networks on the inside Interface of the ASA :
obj-192.168.17.0 ( 192.168.17.0 255.255.255.0)
And the remote peer network which came from outside interface :
obj-10.10.10.0 (10.10.10.0 255.255.255.0)
The NAT should realize the connection between these networks but only my internal networks (obj-192.168.17.0) should initialize the connection. Continue Reading…