Possible NAT config for the Following scenario??

Ely Tovar
Level 1

Hi Guys.

 

I'm here for some guidance to get through the following scenario.

 

Server BBB needs to reach Server AAA but I want to hide Server BBB's real IP address. Also the IP address of AAA needs to be NATted on the destination because the firewall (Checkpoint) is used as a default gateway for BBB and also this firewall has the same net that is used with server AAA.

 

So the flow of the traffic is like this:

 

- When BBB sends a packet, this packet goes to the Checkpoint, then to the ASA, and the ASA is going to NAT source and destination to reach AAA.

 

Switch 3 is a service switch that is delivering a lot of vlans to the ASA. This ASA is connected to the switch and is using sub-interfaces associated to vlans for every service.

 

The thing is:

 

The ASA knows the real address of AAA, because it is using the same VLAN of that subnet, so it can reach the server because it is on the same segment, but there's not any Layer 3 device in between, just Layer 2 devices.

 

So if I applied the following NAT

 

nat (INSIDE,To-AAA) source static BBB-ori BBB-natted destination static AAA-natted AAA-ori

 

Should it work? 

 

Thanks in advance,

1 Reply

chrisgray1
Level 1

Hi,

 

So the ASA is the L3 on the AAA segment. Then I think so...

Your NAT on the ASA should work. Did you try it and it doesn't work?
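
The twice NAT rule from the question, written out with its object definitions and the checks that confirm both translations are applied. This is an added example and not part of the original thread: the object and interface names come from the question, while every IP address and the TCP port are constructed placeholders.

```cisco
! Constructed addresses for illustration; replace with the real ones.
! Real address of server BBB (assumed).
object network BBB-ori
 host 10.10.10.20
! Address AAA will see as the source; assumed to be taken from AAA's own subnet.
object network BBB-natted
 host 192.168.50.20
! Real address of server AAA (assumed).
object network AAA-ori
 host 192.168.50.10
! Address BBB targets; assumed not to overlap any network known to the Checkpoint.
object network AAA-natted
 host 172.16.99.10
!
! Twice NAT from the question: source and destination are rewritten by one rule.
nat (INSIDE,To-AAA) source static BBB-ori BBB-natted destination static AAA-natted AAA-ori
!
! Simulate a packet from BBB to the mapped address of AAA.
! Expect an UN-NAT phase rewriting 172.16.99.10 to 192.168.50.10
! and a NAT phase rewriting 10.10.10.20 to 192.168.50.20.
packet-tracer input INSIDE tcp 10.10.10.20 12345 172.16.99.10 443 detailed
!
! Confirm the rule's hit counters and the resulting translation entries.
show nat detail
show xlate
```

Because the ASA sits on AAA's segment with no Layer 3 hop in between, taking BBB-natted from that subnet lets AAA reply directly, with the ASA answering ARP for the mapped address on To-AAA. On the other side, the Checkpoint has to forward traffic for AAA-natted to the ASA, which is why that address must not fall inside the subnet the Checkpoint already has locally.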