NAT-ing to an address not on the Outside Interface

Answered Question
Mar 22nd, 2007

What happens to return traffic when one NATs from the inside interface to the outside interface and the global address is not on the outside interface? E.g.:

(inside local 10.0.0.0/24)10.0.0.1<--in_int_1---(PIX/ASA)---out_int_0--->209.165.201.0/24<----(router)------>172.16.1.1

NAT 10.0.0.2 to 172.16.1.2

How is return traffic from 172.16.1.0/24 sent to 10.0.0.0/24? Or what should be configured on the devices to allow return traffic?

Correct Answer by Jon Marshall about 9 years 10 months ago

Hi

It's a little unclear as to the setup you are describing. I think what you are asking is if you use an IP address out of a different subnet from the one used on your outside PIX to present the inside server.

This will work fine as long as the routing for that subnet points back to the PIX. So the external router would need to know that the IP address that you have used can be reached via the external interface of the PIX.

Does this make sense and have I explained it clearly enough?

HTH

Jon

Overall Rating: 5 (2 ratings)
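
The routing described in the answer, written out as configuration for the addresses in the question. This is an added example, not part of the original thread. It assumes pre-8.3 PIX/ASA `static` syntax, interfaces named `inside` and `outside`, and an IOS router; `<PIX_OUTSIDE_IP>` is a placeholder for the PIX's own address in 209.165.201.0/24, which the thread does not give.

```cisco
! ---------------- PIX/ASA ----------------
! Translate inside host 10.0.0.2 to global address 172.16.1.2.
! 172.16.1.2 is not in the outside interface subnet (209.165.201.0/24),
! so the PIX cannot attract traffic for it by answering ARP on the
! outside segment. The upstream router has to be told where it lives.
static (inside,outside) 172.16.1.2 10.0.0.2 netmask 255.255.255.255

! ---------------- External router ----------------
! Host route for the global address, next hop = PIX outside interface.
! Without this, replies addressed to 172.16.1.2 never reach the PIX
! and the connection fails even though the translation itself is built.
ip route 172.16.1.2 255.255.255.255 <PIX_OUTSIDE_IP>

! ---------------- Verification ----------------
! On the PIX: confirm the translation exists.
!   show xlate
! On the router: confirm the global address resolves to the PIX next hop.
!   show ip route 172.16.1.2
```

If 172.16.1.0/24 is a LAN that hosts such as 172.16.1.1 sit on directly, those hosts treat 172.16.1.2 as on-link and ARP for it locally instead of sending to the router. Choosing a global address from a subnet that is not in use elsewhere avoids that overlap.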