NAT-ing to an address not on the Outside Interface

Answered Question
Mar 22nd, 2007

What happens to return traffic when one NATs from the inside interface to the outside interface and the global address is not on the outside interface? E.g.:

(inside local 10.0.0.0/24)10.0.0.1<--in_int_1---(PIX/ASA)---out_int_0--->209.165.201.0/24<----(router)------>172.16.1.1


NAT 10.0.0.2 to 172.16.1.2


How is return traffic from 172.16.1.0/24 sent to 10.0.0.0/24? Or what should be configured on the devices to allow return traffic?

Correct Answer by Jon Marshall about 10 years 2 months ago

Hi


It's a little unclear as to the setup you are describing. I think what you are asking is if you use an IP address out of a different subnet from the one used on your outside PIX to present the inside server.


This will work fine as long as the routing for that subnet points back to the PIX. So the external router would need to know that the IP address that you have used can be reached via the external interface of the PIX.


Does this make sense and have I explained it clearly enough?


HTH


Jon

Overall Rating: 5 (2 ratings)
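
The routing condition from the accepted answer, as an added example that is not part of the original thread: a longest-prefix lookup over a model of the external router's table, before and after a host route for the NAT global address is added. The PIX outside address 209.165.201.1, the interface labels, and the assumption that 172.16.1.0/24 is connected to the router's far side are illustrative; the thread gives only the subnets.

```python
import ipaddress

# Assumed for illustration: the thread does not state the PIX outside address.
PIX_OUTSIDE = "209.165.201.1"
NAT_GLOBAL = "172.16.1.2"  # global address from the question (10.0.0.2 -> 172.16.1.2)

# Constructed model of the external router's table: (prefix, next hop).
ROUTER_BEFORE = [
    ("209.165.201.0/24", "connected:toward-pix"),  # link shared with the PIX
    ("172.16.1.0/24", "connected:far-side"),       # assumed from the diagram
]
# Same table plus a host route for the global address toward the PIX.
# On an IOS router, with the assumed next hop, this corresponds to:
#   ip route 172.16.1.2 255.255.255.255 209.165.201.1
ROUTER_AFTER = ROUTER_BEFORE + [(NAT_GLOBAL + "/32", PIX_OUTSIDE)]


def lookup(routes, dst):
    """Longest-prefix match. Returns (prefix, next_hop), or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])


def returns_via_pix(routes, global_ip=NAT_GLOBAL, pix=PIX_OUTSIDE):
    """True if the router forwards traffic for the NAT global address to the PIX
    and the PIX next hop itself resolves to a directly connected network."""
    hit = lookup(routes, global_ip)
    if hit is None or hit[1] != pix:
        return False
    next_hop_route = lookup(routes, pix)
    return next_hop_route is not None and next_hop_route[1].startswith("connected")


if __name__ == "__main__":
    for name, table in (("before", ROUTER_BEFORE), ("after", ROUTER_AFTER)):
        print(name, lookup(table, NAT_GLOBAL), "via PIX:", returns_via_pix(table))
```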
Jon Marshall Thu, 03/22/2007 - 02:35