Cisco Support Community
Community Member

Searching for ideas on how to redirect traffic

Hi,

Scenario:

Network: New York = 172.30.7.0/24

Network: Washington = 172.30.8.0/24

Network: California = 172.30.9.0/24

Network: new Location = 172.30.10.0/24

WAN Mesh = MPLS

New York facility (users, packaging, warehousing, etc.) will be systematically moving to a new Location. Current EDI host resides in New York Facility at IP 172.30.7.200. A new EDI is set up and will be deployed to the new Location and configured with a new 172.30.10.200.

A change to the DNS record will resolve 80% of connectivity issues from LAN devices to the new EDI host. However, there are rogue devices such as handheld scanners statically configured to connect to the Current EDI host IP address rather than FQDN.

I'm looking for some ideas how I can fool or NAT translate on the destination to the 172.30.7.0 host, say 172.30.7.200 when these packets come in from New York, Washington or California. I need these packets to be redirected to 172.30.10.200.

Being that the New York network is a flat 172.30.7.0 subnet, I don't know how I can utilize both the inside and outside interface to accomplish this goal!

Perhaps I would need to create a second routable VLAN (172.30.11.0/24), place the inside interface into the 172.30.7.0 subnet and the outside into the 172.30.11.0/24 subnet, and static route back into the MPLS interface at IP 172.30.7.1, where 172.30.10.0/24 will be found in the BGP routing table?

Thoughts anyone?

Please respond to Jeffrey.Krawczyk@gmail.com

Regards

Jeff

2 REPLIES
Cisco Employee

Re: Searching for ideas on how to redirect traffic

Destination nat config is below.

same-security-traffic permit intra-interface

static (inside,inside) 172.30.7.200 172.30.10.200

Assuming you are running PIX/ASA 7.x and above code.

The above static line will U-Turn all traffic destined to 172.30.7.200 arriving on the inside interface out the same interface to 172.30.10.200.

Community Member

Re: Searching for ideas on how to redirect traffic

Hi Kusankar,

I've tried this and it isn't working. The packet-tracer doesn't have any BLOCKs. I see the global and local address in the logs.

I have this setup in a lab. 172.16.200.103 is my test PC. 172.16.99.35 is my inside global IP mapped to the real address of a HP print server 172.17.100.17.

I'll have to dig deeper, for example check ARP.

If you have any thoughts, please shoot them my way.

Best

Jeff

%PIX-6-302020: Built ICMP connection for faddr 172.16.200.103/1 gaddr 172.16.99.35/0 laddr 172.17.100.17/0

%PIX-6-302021: Teardown ICMP connection for faddr 172.16.200.103/1 gaddr 172.16.99.35/0 laddr 172.17.100.17/0
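
Added example, not part of the original thread or Cisco's own tooling: a Python check that parses the 302020/302021 messages quoted above and confirms that each gaddr (mapped address) was translated to the laddr (real address) expected from the static. The function name, the `EXPECTED_STATIC` table and the optional inbound/outbound token in the pattern are assumptions made for illustration.

```python
import re

# Lab log lines copied from the post above.
SAMPLE_LOG = """\
%PIX-6-302020: Built ICMP connection for faddr 172.16.200.103/1 gaddr 172.16.99.35/0 laddr 172.17.100.17/0
%PIX-6-302021: Teardown ICMP connection for faddr 172.16.200.103/1 gaddr 172.16.99.35/0 laddr 172.17.100.17/0
"""

# Assumed table of configured statics: mapped (global) IP -> real (local) IP.
EXPECTED_STATIC = {"172.16.99.35": "172.17.100.17"}

# 302020 = Built, 302021 = Teardown. The optional "inbound"/"outbound" token
# is tolerated for ASA releases that print it.
ICMP_RE = re.compile(
    r"%(?:PIX|ASA)-6-30202[01]: (?P<event>Built|Teardown)(?: (?:in|out)bound)? "
    r"ICMP connection for faddr (?P<faddr>[\d.]+)/\d+ "
    r"gaddr (?P<gaddr>[\d.]+)/\d+ laddr (?P<laddr>[\d.]+)/\d+"
)

def audit_icmp_xlate(log_text, expected):
    """Check each ICMP flow's gaddr -> laddr against the expected statics.

    Returns a dict with three lists of (faddr, gaddr, laddr) tuples:
    'ok' (translation matches the table), 'mismatch' (laddr differs or the
    gaddr has no entry), and 'open' (Built seen without a Teardown).
    """
    result = {"ok": [], "mismatch": [], "open": []}
    pending = []  # flows that were Built but not yet torn down
    for line in log_text.splitlines():
        m = ICMP_RE.search(line)
        if not m:
            continue  # not an ICMP connection message
        flow = (m["faddr"], m["gaddr"], m["laddr"])
        if m["event"] == "Built":
            pending.append(flow)
            bucket = "ok" if expected.get(m["gaddr"]) == m["laddr"] else "mismatch"
            result[bucket].append(flow)
        elif flow in pending:
            pending.remove(flow)
    result["open"] = pending
    return result

if __name__ == "__main__":
    for bucket, flows in audit_icmp_xlate(SAMPLE_LOG, EXPECTED_STATIC).items():
        print(bucket, flows)
```

An entry under 'ok' shows only that the firewall built the connection with the expected translation.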
