Jennifer Halim Tue, 04/13/2010 - 00:41
User Badges:
  • Cisco Employee,

Yes, you are right.


static  (inside,outside) netmask

Outbound  traffic from inside to outside, will be NATed to

Inbound  traffic from outside to inside towards will be NATed back to

As per stated in Firewall forum: Tue, 04/13/2010 - 01:03
User Badges:


The example you mentioned is exactly what I got, but does it fullfill the following need in Step 1, its not clear to me.

Step 1 Configure the firewall to perform DNAT inbound  and SNAT outbound for the A/V Edge external interface

In any location with multiple Edge  Servers deployed behind a load balancer, the external firewall cannot function  as a network address translation (NAT) device. However, in a site with only a  single Edge Server deployed, the external firewall can be configured as a NAT.

If you do so, configure the NAT as  a destination network address translation (DNAT) for inbound traffic—in other  words, configure any firewall filter used for traffic from the Internet to the  Edge Server with DNAT, and configure any firewall filter for traffic going from  the Edge Server to the Internet (outbound traffic) as a source network address  translation (SNAT). The A/V Edge server external interface will have a private  IP address, as shown in Figure 1.2.


This Discussion