Jennifer Halim Tue, 04/13/2010 - 00:41
User Badges:
  • Cisco Employee,

Yes, you are right.


Example:

static  (inside,outside) 200.1.1.1 10.1.1.1 netmask 255.255.255.255


Outbound  traffic from inside to outside, 10.1.1.1 will be NATed to 200.1.1.1

Inbound  traffic from outside to inside towards 200.1.1.1 will be NATed back to  10.1.1.1


As per stated in Firewall forum:

https://supportforums.cisco.com/message/3053002#3053002

melwin.uk Tue, 04/13/2010 - 01:03
User Badges:

Hi


The example you mentioned is exactly what I got, but does it fullfill the following need in Step 1, its not clear to me.



Step 1 Configure the firewall to perform DNAT inbound  and SNAT outbound for the A/V Edge external interface

In any location with multiple Edge  Servers deployed behind a load balancer, the external firewall cannot function  as a network address translation (NAT) device. However, in a site with only a  single Edge Server deployed, the external firewall can be configured as a NAT.

If you do so, configure the NAT as  a destination network address translation (DNAT) for inbound traffic—in other  words, configure any firewall filter used for traffic from the Internet to the  Edge Server with DNAT, and configure any firewall filter for traffic going from  the Edge Server to the Internet (outbound traffic) as a source network address  translation (SNAT). The A/V Edge server external interface will have a private  IP address, as shown in Figure 1.2.

Actions

This Discussion