09-11-2008 06:50 AM - edited 03-11-2019 06:43 AM
Our exchange folks are moving to 2007. They are trying to put up new edge servers and have asked for outside addresses for the edge servers. Problem is that they want to source IP to be the same address as the NAT. Below is an example of the NAT. What commands do I need to add for this to happen? Today when these edge servers go outside they look to be coming from the outside interface of the ASA.
static (inside,outside) 209.56.118.40 10.16.2.40 netmask 255.255.255.255
I want them to look like they are coming from 209.56.118.40
Thanks
-Jason
09-11-2008 07:13 AM
Not too hard.
Add an additional static nat entry and reverse it.
static (outside,inside) 10.16.2.40 209.56.118.40 netmask 255.255.255.255
09-11-2008 08:08 AM
Thanks for the information. Is this configuration mandatory. In other words, if I do not add this NAT, will I look like the outside address of the FW?
Also do you know of any good resources to test this? I am looking for something that is not using port 80.
09-11-2008 09:41 AM
Yes, the command "global (outside) interface" uses the outside address of the firewall as the port translation address so all inbound users that go out to the internet will appear as the outside address of the firewall.
Doing this both with the inside,outside and outside,inside static mapping will make traffic inbound hit that internal server and also appear to the internet as the same IP address it came in on.
If you want to test it, go ahead, but it is not really necessary in my opinion. I have done this many times with no problems.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide