04-13-2010 12:38 AM - edited 03-04-2019 08:07 AM
Hi
Consider I got static NAT for a host on ASA, then traffic from outside to inside is DNAT and traffic inside to outside is SNAT.
Is the above correct
Thanks
Mel
04-13-2010 12:41 AM
Yes, you are right.
Example:
static (inside,outside) 200.1.1.1 10.1.1.1 netmask 255.255.255.255
Outbound traffic from inside to outside, 10.1.1.1 will be NATed to 200.1.1.1
Inbound traffic from outside to inside towards 200.1.1.1 will be NATed back to 10.1.1.1
As per stated in Firewall forum:
04-13-2010 01:03 AM
Hi
The example you mentioned is exactly what I got, but does it fullfill the following need in Step 1, its not clear to me.
Step 1 – Configure the firewall to perform DNAT inbound and SNAT outbound for the A/V Edge external interface
In any location with multiple Edge Servers deployed behind a load balancer, the external firewall cannot function as a network address translation (NAT) device. However, in a site with only a single Edge Server deployed, the external firewall can be configured as a NAT.
If you do so, configure the NAT as a destination network address translation (DNAT) for inbound traffic—in other words, configure any firewall filter used for traffic from the Internet to the Edge Server with DNAT, and configure any firewall filter for traffic going from the Edge Server to the Internet (outbound traffic) as a source network address translation (SNAT). The A/V Edge server external interface will have a private IP address, as shown in Figure 1.2.
04-13-2010 01:57 AM
Yes, it would definitely fullfil the requirement.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide