ATM(Internet and DSL subints)<-->7206<-->Firewall<--> internal network
The DSL subinterfaces are injected into the ATM circuit; they use 192.168.x.0 and 192.168.y.0 subnets. They are used by company employees for home network and internet connectivity. The internal network is configured for several other 192.168.Z.0 subnets. Each DSL subinterface is configured for NAT inside, as is the inside interface on the 7206 from the Firewall. The outside interface on the 7206 handles the outside NAT.
Goal: we want to replace the firewall with an ASA, and move the NAT there from the 7206. However, this presents several challenges. First, we cannot remove the DSL subinterface connections yet (to be replaced with VPN connections). So, we have private addresses on the DSL connections on the outside of the firewall that need NAT for internet access. We feel confident we can handle security and routing issues, but NAT is challenging.
Our plan is to handle NAT with two different policies, one for the internal network users, the other for the DSL users. One NAT policy would translate internal network users to one public IP address on the external interface of the ASA, the other NAT policy would translate the DSL users to the existing NAT address on the external interface of the 7206. Our concern is having the traffic that is NAT'd from the ASA traversing the 7206, where another NAT OUTSIDE configuration resides.
If we carefully specify what address ranges are being NAT'd by each policy, will this work? If not, can anyone suggest an alternative? Thanks in advance. PD
For outside NAT, you need to identify the nat command for outside NAT (the outside keyword). If you also want to translate the same traffic when it accesses an inside interface (for example, traffic on a DMZ is translated when accessing the Inside and the Outside interfaces), then you must configure a separate nat command without the outside option. In this case, you can identify the same addresses in both statements and use the same NAT ID.