NAT help

Feb 10th, 2009

Hi,


I have a Cisco ASA 5520. I have a 3750 with VLANs connected to the firewall, and one of these VLANs is a remote network.


At the moment their router is not managed by us and this remote LAN uses one of our DHCP servers within the firewall's inside interface.


I have now got a 2nd DHCP server which I need them to use and don't want to pay the money to get this DHCP helper to point to the new server. Can I create a NAT?


So they will still try and get their DHCP requests from 192.168.21.1 but really they are going to 192.168.21.10?


Thanks

Yudong Wu Tue, 02/10/2009 - 11:11

A static NAT might help here.

Which interface on the ASA does the DHCP request come in on? From outside?

How is the remote LAN connected to this ASA? Via VPN?

Post the current configuration if possible.

cdusio Tue, 02/10/2009 - 16:37

You can do one of a couple of things. You can use the firewall to provide DHCP addresses and forget the DHCP server, or sure, you can NAT. I just tested this and from a config perspective it takes. Didn't try to pass data through, but it would look something like:


static (inside,unmanaged_net) 192.168.21.1 192.168.21.10 netmask 255.255.255.255 0 0


Then just allow the DHCP rule inbound which you probably already have anyway.


Let me know if that works. I can't verify the operation on the firewall from where I am but the principle should work.


You're just saying that anyone on that network wanting a DHCP address goes to this next hop (firewall IP), but now that firewall has a NAT rule so it should ARP for that address on that network.



whiteford Thu, 02/12/2009 - 04:19

Hi,


Shouldn't static (inside,unmanaged_net) 192.168.21.1 192.168.21.10 netmask 255.255.255.255 0 0


be


static (inside,unmanaged_net) 192.168.21.10 192.168.21.1 netmask 255.255.255.255 0 0


As the unmanaged LAN currently gets DHCP requests from 192.168.21.1 but needs them translated to 192.168.21.10?


Thanks

cdusio Thu, 02/12/2009 - 05:44

He wants the address on the unmanaged net to stay as it is so it's right.

whiteford Thu, 02/12/2009 - 06:33

Sorry it's just my understanding as I am just viewing it on the ASDM (after adding the rule in the CLI) under NAT Rules > "inside" it shows type as static, original source 192.168.21.10 translate interface "unmanaged_LAN" address 192.168.21.1.


I'm going to give it some testing now.


Thanks again
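
Added example, not part of the thread and not Cisco code: a small Python model of the argument order in the pre-8.3 `static (real_ifc,mapped_ifc) mapped_ip real_ip` command, applied to the two orderings debated above. It assumes the ASA runs pre-8.3 software and the interface name `unmanaged_net` as written in the posts, handles only host statics, and ignores access lists and routing.

```python
import ipaddress
import re

# Pre-8.3 ASA form: static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask ...
# Only host rules (netmask 255.255.255.255) with literal IPs are handled here.
STATIC_RE = re.compile(
    r"^static\s+\(\s*(?P<real_ifc>[^,\s()]+)\s*,\s*(?P<mapped_ifc>[^,\s()]+)\s*\)"
    r"\s+(?P<mapped_ip>\S+)\s+(?P<real_ip>\S+)\s+netmask\s+(?P<mask>\S+)"
)


def parse_static(line):
    """Split a host static into its interfaces and mapped/real addresses."""
    m = STATIC_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a host static rule: {line!r}")
    if m["mask"] != "255.255.255.255":
        raise ValueError("only host (/32) statics are modelled")
    return {
        "real_ifc": m["real_ifc"],
        "mapped_ifc": m["mapped_ifc"],
        "mapped_ip": ipaddress.ip_address(m["mapped_ip"]),
        "real_ip": ipaddress.ip_address(m["real_ip"]),
    }


def forward_target(rule, in_ifc, dst_ip):
    """Where a packet arriving on in_ifc for dst_ip is sent, or None if no match."""
    if in_ifc == rule["mapped_ifc"] and ipaddress.ip_address(dst_ip) == rule["mapped_ip"]:
        return (str(rule["real_ip"]), rule["real_ifc"])
    return None


# The two orderings debated in the thread (constructed copies, balanced parentheses).
AS_POSTED = "static (inside,unmanaged_net) 192.168.21.1 192.168.21.10 netmask 255.255.255.255 0 0"
SWAPPED = "static (inside,unmanaged_net) 192.168.21.10 192.168.21.1 netmask 255.255.255.255 0 0"

if __name__ == "__main__":
    # Relayed DHCP request from the remote LAN, still addressed to the old server.
    for name, line in (("as posted", AS_POSTED), ("swapped", SWAPPED)):
        print(name, "->", forward_target(parse_static(line), "unmanaged_net", "192.168.21.1"))
```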
