Cisco Support Community
New Member

Are there any known issues running AD through an ASA with NAT?

Hi - I want to have Server A on a protected DMZ talking to an AD server connected to another interface on the ASA.

Server A will have its address NAT'd.

Are there any known issues with this or is it easy to implement?

From what I can see, AD uses DNS so I would need to use the DNS inspection feature to make sure that still worked.

Can anyone tell me if there are any other problems with what I want to try and do?

Many Thanks, Dom

1 REPLY
New Member

Re: Are there any known issues running AD through an ASA with NA

All sessions that connect through the security appliance must undergo some form of network address translation, or NAT. Each NAT or NAT Overload (PAT) session is assigned a translation slot known as an xlate. These xlates can persist even after you make changes to the NAT rules that affect them. This can lead to a depletion of translation slots or unexpected behavior or both by traffic that undergoes translation.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml#nat
