Are there any known issues running AD through an ASA with NAT?

Unanswered Question
Feb 10th, 2009

Hi - I want to have Server A on a protected DMZ talking to an AD server connected to another interface on the ASA.

Server A will have its address NATd.

Are there any known issues with this, or is it easy to implement?

From what I can see, AD uses DNS so I would need to use the DNS inspection feature to make sure that still worked.

Can anyone tell me if there are any other problems with what I want to try and do?


Many Thanks, Dom

murabi Mon, 02/16/2009 - 13:52

All sessions that connect through the security appliance must undergo some form of network address translation, or NAT. Each NAT or NAT Overload (PAT) session is assigned a translation slot known as an xlate. These xlates can persist even after you make changes to the NAT rules that affect them. This can lead to a depletion of translation slots or unexpected behavior or both by traffic that undergoes translation.


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml#nat
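As an added illustration (not from the original thread or from Cisco's note), here is how the two points raised above fit together on a pre-8.3 ASA: the `dns` keyword on the static translation for Server A lets DNS inspection rewrite A-record replies that cross the NAT boundary, and after any change to NAT rules the existing translation slots are inspected and cleared so stale xlates do not keep old behaviour alive. Interface names, addresses and the host name are constructed placeholders.

```text
! Constructed example: Server A (real 172.16.10.5 on dmz) is presented
! to the AD side (inside) as 10.1.1.5. The "dns" keyword enables DNS
! rewrite for this translation when DNS inspection is active.
static (dmz,inside) 10.1.1.5 172.16.10.5 netmask 255.255.255.255 dns

! DNS inspection in the default global policy; this is what performs the
! A-record rewrite so Server A and the AD/DNS server see usable addresses.
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
service-policy global_policy global

! After editing NAT rules: check for translations created under the old
! rules, then clear them so they are rebuilt under the new rules.
show xlate
clear xlate
```

Clearing xlates drops the translations currently in use, so schedule it for a window when a brief interruption of Server A's sessions is acceptable.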

