05-24-2007 04:35 AM - edited 02-21-2020 03:04 PM
I want to set up an ASA5505 remote and manage it through a IPsec-tunnel and put a static NAT on the inside interface. Is that possible since the traffic never traverses any interface? Is there a workaround or a different way to do it?
//Mike
05-30-2007 07:38 AM
The ip nat inside destination command translates the destination address of a packet going from the outside interface to the inside interface. This command is used to load balance among multiple servers on the inside network. The existence of multiple servers is hidden from the external world, which continues to use a single IP address to request the desired content. At the Network Address Translation (NAT) router, these requests are directed to one of the multiple inside servers specified in the NAT pool. This is done in a round-robin manner, distributing the load among the available servers.
The ip nat inside destination command can also be used to mask the actual IP address of a server on the inside network. This one-to-one translation is created by specifying a single address in the NAT pool. However, the translation created by this command is a dynamic translation. The ip nat inside destination command does not support the static keyword and cannot be used to build static mapping.
05-30-2007 09:14 AM
Mike,
To answer your question, you can not have a static NAT for the inside interface so that you can manage it from the outside world. If you want to make it by not going through the tunnel, use SSH to access the outside interface.
As per your question - if you want to manage it through the tunnel, use SSH to access the inside interface IP Address.
Or if you have another interface, you can use the management-access
http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/m_711.html#wp1631964
Hope this explains. Let me know if you have questions and I will be glad to answer them.
Cheers
Gilbert
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide