Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT translation

Hello,

I have the following scenario: Router ? ASA ? FTP Servers cluster.

The cluster has 2 servers (192.168.130.1 & 192.168.130.2) with a virtual IP of 192.168.130.4. Communication can be initiated either from customer or from servers. When communications is initiated from customer, the customer will try to reach a fake ip 172.16.1.1 that must be translated to the virtual ip of the cluster 192.168.130.4. The reply traffic comes from the virtual ip 192.168.130.4. So if I configure a static nat at the router (192.168.130.4  172.16.1.1) incoming ftp connection works.

The problem is that when the ftp is initiated manually from the server then it uses the real ip as source (instead of the virtual) so the above static nat can not be used. Also I only have 1 fake ip (172.16.1.1) for translation.

So my question: is it possible to translate 3 inside local IPs to 1 inside global so that traffic can be initiated from both inside and outside?

Any idea will be appreciated.

Thanks,

Evi.

1 REPLY
Silver

Re: NAT translation

Before you configure a NAT rate limit, you should first classify current NAT usage and determine the sources of requests for NAT translations. If a specific host, access control list, or VRF instance is generating an unexpectedly high number of NAT requests, it may be the source of a malicious virus or worm attack. Once you have identified the source of excess NAT requests, you can set a NAT rate limit that contains a specific host, access control list, or VRF instance, or you can set a general limit for the maximum number of NAT requests allowed regardless of their source

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d09f0.html

263
Views
2
Helpful
1
Replies