
Source IP address should be NAT'ed Address

jsecaur
Level 1

Our Exchange folks are moving to 2007. They are trying to put up new edge servers and have asked for outside addresses for the edge servers. The problem is that they want the source IP to be the same address as the NAT. Below is an example of the NAT. What commands do I need to add for this to happen? Today, when these edge servers go outside, they look to be coming from the outside interface of the ASA.

static (inside,outside) 209.56.118.40 10.16.2.40 netmask 255.255.255.255

I want them to look like they are coming from 209.56.118.40

Thanks

-Jason

3 Replies

jj27
Spotlight

Not too hard.

Add an additional static NAT entry and reverse it.

static (outside,inside) 10.16.2.40 209.56.118.40 netmask 255.255.255.255

Thanks for the information. Is this configuration mandatory? In other words, if I do not add this NAT, will I look like the outside address of the FW?

Also do you know of any good resources to test this? I am looking for something that is not using port 80.

Yes, the command "global (outside) interface" uses the outside address of the firewall as the port translation address so all inbound users that go out to the internet will appear as the outside address of the firewall.

Doing this both with the inside,outside and outside,inside static mapping will make traffic inbound hit that internal server and also appear to the internet as the same IP address it came in on.

If you want to test it, go ahead, but it is not really necessary in my opinion. I have done this many times with no problems.
