https://community.cisco.com/t5/network-security/multiple-interfaces-for-hide-nat-issue/m-p/2045107#M398544 <P>Hey Experts, </P><P></P><P>I'm struggling with a NAT config and would appreciate some help to get myself going! Its a Cisco FWSM running version 4 in a 6509. </P><P></P><P>We have a requirement to "Hide NAT" traffic coming from a Load Balancer IP behind the interface of the network it is accessing. So far this works fine:</P><P></P><P>global (first_interface) 1 interface</P><P>nat (inside) 1 10.10.10.10 255.255.255.255</P><P></P><P>In this example, 10.10.10.10 is the IP that the LB uses to send traffic and when it sends to the servers behind the first_interface it is translated successfully and all is good. </P><P></P><P>Now, I need to add a second interface to the mix, so when the LB sends traffic to the second_interface, the traffic is also hidden, but this time its hidden behind the second_interface. </P><P></P><P>I can't add a second NAT pool entry that matches the same source IP, as I get a duplicate NAT entry error. If I try adding&nbsp; a second global statement as follows:</P><P></P><P>global (second_interface) 1 interface</P><P></P><P>Then it also doesn't work - I'm guessing because the NAT process is kicking in before the routing is decided? It's late, so I'm fed up of looking at it. Can someone let me know if I am missing something obvious here!?</P><P></P><P>Any information would be much appreciated!</P><P><BR />Cheers</P><P></P><P>Jon</P> Tue, 12 Mar 2019 00:01:18 GMT jonathanaxford 2019-03-12T00:01:18Z https://community.cisco.com/t5/network-security/multiple-interfaces-for-hide-nat-issue/m-p/2045107#M398544 <P>Hey Experts, </P><P></P><P>I'm struggling with a NAT config and would appreciate some help to get myself going! Its a Cisco FWSM running version 4 in a 6509. </P><P></P><P>We have a requirement to "Hide NAT" traffic coming from a Load Balancer IP behind the interface of the network it is accessing. So far this works fine:</P><P></P><P>global (first_interface) 1 interface</P><P>nat (inside) 1 10.10.10.10 255.255.255.255</P><P></P><P>In this example, 10.10.10.10 is the IP that the LB uses to send traffic and when it sends to the servers behind the first_interface it is translated successfully and all is good. </P><P></P><P>Now, I need to add a second interface to the mix, so when the LB sends traffic to the second_interface, the traffic is also hidden, but this time its hidden behind the second_interface. </P><P></P><P>I can't add a second NAT pool entry that matches the same source IP, as I get a duplicate NAT entry error. If I try adding&nbsp; a second global statement as follows:</P><P></P><P>global (second_interface) 1 interface</P><P></P><P>Then it also doesn't work - I'm guessing because the NAT process is kicking in before the routing is decided? It's late, so I'm fed up of looking at it. Can someone let me know if I am missing something obvious here!?</P><P></P><P>Any information would be much appreciated!</P><P><BR />Cheers</P><P></P><P>Jon</P> Tue, 12 Mar 2019 00:01:18 GMT https://community.cisco.com/t5/network-security/multiple-interfaces-for-hide-nat-issue/m-p/2045107#M398544 jonathanaxford 2019-03-12T00:01:18Z https://community.cisco.com/t5/network-security/multiple-interfaces-for-hide-nat-issue/m-p/2045108#M398545 <HTML><HEAD></HEAD><BODY><P>You cannot add the following as the source IP can only live behind one interface.</P><P></P><P>nat (second_interface) 1 10.10.10.10 255.255.255.255</P><P></P><P>You can however add the following:</P><P></P><P>nat (inside) 1 10.10.10.10 255.255.255.255</P><P>global (second_interface) 1 interface</P><P>global (first_interface) 1 interface</P><P></P><P>-Kureli</P></BODY></HTML> Mon, 08 Oct 2012 19:17:49 GMT https://community.cisco.com/t5/network-security/multiple-interfaces-for-hide-nat-issue/m-p/2045108#M398545 Kureli Sankar 2012-10-08T19:17:49Z