I am trying to figure out why I need NAT in transparent firewall mode. What I have understood so far from the NAT scenario is that when the ASA translates an internal host to a mapped address that is not in the same network as the ASA's outside interface, a static route is needed on the upstream router in order to reach that mapped address. On the other hand, if the mapped address is on the same subnet as the ASA's outside interface, the upstream router will ARP the ASA for the host's MAC.
Without NAT scenario:
Assuming that the internal host and the ASA have the ARP info of the gateway.
When the ASA receives a packet from an internal host with a destination of a web server on the internet, the ASA will record the source MAC along with the interface where the packet arrived, and it will forward the packet to the gateway. The gateway will forward the request to the web server. For return traffic, the web server replies to the gateway, which in turn forwards the reply to the internal host.
Therefore, if the whole game works using just ARP, what is NAT used for?