Solved: NAT-ing to an address not on the Outside Interface

edwardwaithaka · ‎03-22-2007

What happens to return traffic when one NATs from the inside interface to the outside interface and the global address is not on the outside interface. eg

(inside local 10.0.0.0/24)10.0.0.1<--in_int_1---(PIX/ASA)---out_int_0--->209.165.201.0/24<----(router)------>172.16.1.1

NAT 10.0.0.2 to 172.16.1.2

How is return traffic from 172.16.1.0/24 sent to 10.0.0.0/24? Or what should be configured on the devices to allow return traffic?

Jon Marshall · ‎03-22-2007

Hi

It's a little unclear as to the setup you are describing. i think what you are asking is if you use an IP address out of a different subnet from the one used on your outside pix to present the inside server.

This will work fine as long the routing for that subnet points back to the pix. So the external router would need to know that the IP address that you have used can be reached via the external interface of the pix.

Does this make sense and have i explained it clearly enough ?

HTH

Jon

View solution in original post

Jon Marshall · ‎03-22-2007

Hi

It's a little unclear as to the setup you are describing. i think what you are asking is if you use an IP address out of a different subnet from the one used on your outside pix to present the inside server.

This will work fine as long the routing for that subnet points back to the pix. So the external router would need to know that the IP address that you have used can be reached via the external interface of the pix.

Does this make sense and have i explained it clearly enough ?

HTH

Jon

edwardwaithaka · ‎03-22-2007

Thanks Jon. Your post was helpful.