Problems with nat overlapping

Unanswered Question
Aug 14th, 2008
User Badges:

Good afternoon everyone.


We have a business partner that requires us to communicate with each other, they are going to connect to a server that we have a web application, this application has to make consultations to 3 servers them, that we are going to do for a private link connects to a port in my core switch 3560g and the other end to the network of them, because there is overlapping, we need to do nat from all directions of equipment requiring them to connect to address 10.39.13.3, taking as a gateway address 10.39.13.1 and set at one of our interfaces address 10.39.13.2.


Our switch does not support nat but we have a ASA5510 that if it does, but has all the occupied ports, one for the outside which connects to the Internet, other ports are connected to the switch which is divided into VLANs.


My idea is to set one of the ports of my ASA with subinterfaces and occupy one of them assign a new vlan and put an address 10.39.13.2, set up a vlan more in the core switch having the same id of the vlan in ASA and allocate the port of this switch makes link with my business partner to vlan, the vlan not owe you set up a ip.


Now I have to make a nat of traffic on my network that wants to reach servers partner towards ip 10.39.13.3.


I have to reroute the traffic that comes from my partner to my asa5510, this should to do on my computer switch core, on the other hand, I also reroute the traffic that goes to my partner since asa5510.


What else should I do? I am the right thing?.


Greetings

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Tshi M Sun, 08/17/2008 - 19:33
User Badges:
  • Silver, 250 points or more

Do you mind posting a diagram (Visio)?

oabduo983 Sun, 08/17/2008 - 22:49
User Badges:
  • Bronze, 100 points or more

Are you reaching your partner net through the Internet? if not, then you can do a static translation for your entire subnet to outside subnet (e.g. static (xyz,outside) 10.10.10.0 your_subnet netmask 255.255.255.0)


This should work fine



alejandrocgch Wed, 08/20/2008 - 14:18
User Badges:

Thank you for everything, solved the problem, I configured nat overlapping, what I did was create a subinterfaz with ip in the segment in common between the two institutions, I nat of my teams in this segment through the subinterfaz and I made a acl for permirte only certain types of traffic from that segment, he also became the same.


I thank you.

Actions

This Discussion