Static NAT of the inside interface through an IPsec-tunnel

Unanswered Question
thomas.chen Wed, 05/30/2007 - 07:38

The ip nat inside destination command translates the destination address of a packet going from the outside interface to the inside interface. This command is used to load balance among multiple servers on the inside network. The existence of multiple servers is hidden from the external world, which continues to use a single IP address to request the desired content. At the Network Address Translation (NAT) router, these requests are directed to one of the multiple inside servers specified in the NAT pool. This is done in a round-robin manner, distributing the load among the available servers.

The ip nat inside destination command can also be used to mask the actual IP address of a server on the inside network. This one-to-one translation is created by specifying a single address in the NAT pool. However, the translation created by this command is a dynamic translation. The ip nat inside destination command does not support the static keyword and cannot be used to build static mapping.
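The two uses described in the post above, written out as an IOS configuration. This is an added example, not part of the original post; the pool names, ACL number, interface names and all addresses are constructed placeholders.

```text
! Constructed example: names and addresses are placeholders.
! Virtual address used by outside clients: 203.0.113.10
! Real inside servers:                     10.0.0.11 - 10.0.0.13
!
! Rotary pool: each new connection is handed to the next address in the pool.
ip nat pool REAL-SERVERS 10.0.0.11 10.0.0.13 prefix-length 24 type rotary
!
! Match packets whose destination is the virtual address.
access-list 10 permit 203.0.113.10
!
! Dynamic destination translation from outside to inside.
! The "static" keyword is not accepted on this command.
ip nat inside destination list 10 pool REAL-SERVERS
!
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! One-to-one variant: a pool holding a single address hides one server's
! real address. Use this pool in the "ip nat inside destination" line
! in place of REAL-SERVERS.
! ip nat pool ONE-SERVER 10.0.0.11 10.0.0.11 prefix-length 24 type rotary
```

`show ip nat translations` lists the dynamic entries as connections arrive, which is a quick way to confirm that the mapping is being created per connection and is not a static entry.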

ggilbert Wed, 05/30/2007 - 09:14


To answer your question, you cannot have a static NAT for the inside interface so that you can manage it from the outside world. If you want to make it by not going through the tunnel, use SSH to access the outside interface.

As per your question - if you want to manage it through the tunnel, use SSH to access the inside interface IP address.

Or if you have another interface, you can use the management-access command to access the ASA5505.

Hope this explains. Let me know if you have questions and I will be glad to answer them.



