Cisco Support Community

ASA 5510 subinterfaces and NAT

We have several partners in different countries who are using overlapping subnets on their switch hardware. We have to manage all the partners' hardware from our Netmanagers, which are installed behind an ASA5510 firewall. We have a single port to the outside and a single inside port on the ASA to use.

We were thinking that we could create subinterfaces on the ASA's outside port - one for each of the partners - and then connect the next hop (the partner's router's) interface to that through a switch using VLAN separation.

Would the firewall be able to NAT the source addresses of the different partners so that our Netmanagers see them as being on different subnets, and so we could route to them and receive SNMP traps from them?

1 REPLY

Re: ASA 5510 subinterfaces and NAT

JSCHWENG wrote:

We have several partners in different countries who are using overlapping subnets on their switch hardware. We have to manage all the partners' hardware from our Netmanagers, which are installed behind an ASA5510 firewall. We have a single port to the outside and a single inside port on the ASA to use.

We were thinking that we could create subinterfaces on the ASA's outside port - one for each of the partners - and then connect the next hop (the partner's router's) interface to that through a switch using VLAN separation.

Would the firewall be able to NAT the source addresses of the different partners so that our Netmanagers see them as being on different subnets, and so we could route to them and receive SNMP traps from them?

Yes, you could do this with the static command, e.g.

static (outp1,inside) 192.168.5.0 172.16.5.0 netmask 255.255.255.0 <--- where outp1 is one of the partner interfaces

would present the partner network of 172.16.5.0/24 as 192.168.5.0/24 to your internal Netmanagers.

If you are using ASA 8.3 then I suspect that NAT statement is no longer valid though, and I haven't had time to read up on the new NAT commands - must get round to doing that.

Jon
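
As an added example (not part of the original thread and not Cisco's code), the Python check below reads a planned set of pre-8.3 `static` statements in the form shown in the reply, confirms that each partner's overlapping real network gets a distinct mapped network on the inside, and reports the address the Netmanagers would see as an SNMP trap source. The `outp2` interface name and the 192.168.6.0 mapping are assumptions made up for the second partner.

```python
import ipaddress
import re

# Constructed plan: both partners use 172.16.5.0/24. Only the outp1 line comes
# from the reply; outp2 and 192.168.6.0 are assumed values for a second partner.
PLAN = """\
static (outp1,inside) 192.168.5.0 172.16.5.0 netmask 255.255.255.0
static (outp2,inside) 192.168.6.0 172.16.5.0 netmask 255.255.255.0
"""

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$")


def parse_statics(text):
    """Return a list of (real_if, mapped_if, mapped_net, real_net) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = STATIC_RE.match(line)
        if not m:
            raise ValueError(f"not a static network statement: {line!r}")
        real_if, mapped_if, mapped, real, mask = m.groups()
        # ip_network() rejects addresses with host bits set, catching typos.
        rules.append((real_if, mapped_if,
                      ipaddress.ip_network(f"{mapped}/{mask}"),
                      ipaddress.ip_network(f"{real}/{mask}")))
    return rules


def mapped_collisions(rules):
    """Pairs of real interfaces whose mapped networks overlap on one mapped interface."""
    bad = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if a[1] == b[1] and a[2].overlaps(b[2]):
                bad.append((a[0], b[0]))
    return bad


def seen_as(rules, real_if, real_ip):
    """Address inside hosts see for real_ip arriving on real_if, or None if unmapped."""
    ip = ipaddress.ip_address(real_ip)
    for rif, _mif, mapped_net, real_net in rules:
        if rif == real_if and ip in real_net:
            # A network static keeps the host portion and swaps the prefix.
            offset = int(ip) - int(real_net.network_address)
            return str(mapped_net.network_address + offset)
    return None
```

A non-empty result from `mapped_collisions` means two partners would appear to the Netmanagers in the same address range, so traps from them could not be told apart.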
