Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
589
Views
0
Helpful
4
Replies

NAT Issue

Go to solution
vasren
Level 1
Level 1

‎07-08-2010 06:54 AM - edited ‎03-11-2019 11:08 AM

Kindly suggest whether the below NAT configuration can be done in FWSM.

I have one Internal Interface & two external interface.  The natted Global Address should be same for traffic routing via both the external interface.

static (Internal,Outside1) 115.115.115.115 10.10.10.1 netmask 255.255.255.255

static (Internal,Outside2) 115.115.115.115 10.10.10.1 netmask 255.255.255.255

IPs are dummy one (not real).

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎07-08-2010 07:06 AM

As long as your routers connected to those external interfaces do not reject the traffic due to RPF issues, I do not see any reason why you should not configure the way you want to configure it. Firewall will not complain. However, your external network might.

Hope this helps.

Regards,

NT

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee

‎07-08-2010 07:06 AM

As long as your routers connected to those external interfaces do not reject the traffic due to RPF issues, I do not see any reason why you should not configure the way you want to configure it. Firewall will not complain. However, your external network might.

Hope this helps.

Regards,

NT

0 Helpful

Go to solution
vasren
Level 1
Level 1
In response to Nagaraja Thanthry

‎07-08-2010 07:36 AM

Thanks, I will get it configured and update you on the same.

0 Helpful

Go to solution
vasren
Level 1
Level 1
In response to vasren

‎07-12-2010 04:11 AM

It worked for Static NAT.  Kindly advice whether the same will hold good for PAT also.  Can we configure as below, if so which is correct Option-1 or Option-2.

Option-1:

global (Outside1) 4 115.115.115.115 netmask 255.255.255.255

global (Outside2) 4 115.115.115.115 netmask 255.255.255.255

nat (Inside) 4 10.10.10.1 255.255.255.255

nat (Inside) 4 10.10.10.2 255.255.255.255

or

Option-2:

global (Outside1) 4 115.115.115.115 netmask 255.255.255.255

nat (Inside) 4 10.10.10.1 255.255.255.255

nat (Inside) 4 10.10.10.2 255.255.255.255

global (Outside2) 5 115.115.115.115 netmask 255.255.255.255

nat (Inside) 5 10.10.10.1 255.255.255.255

nat (Inside) 5 10.10.10.2 255.255.255.255

0 Helpful

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to vasren

‎07-12-2010 10:07 AM

Hello,

The same configuration will work for PAT as well. Option 1 will satisfy your requirements. While Option 2 will also work, it is just duplicating the configuration.

Regards,

NT

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card