NAT Reflection is a method that allows internal PCs to reach a DMZ server using the server's public IP address instead of its private IP address. One common use case is the Cisco Expressway Series for MRA and WebRTC.
In a single-NIC deployment, the Cisco Expressway-C must be configured to point the Unified Communications Traversal Zone at the public IP of the Cisco Expressway-E located in the DMZ. To allow traffic from the Cisco Expressway Core that is destined to the public IP address of the Cisco Expressway-E, NAT Reflection must be applied on the core firewall.
The Cisco Expressway Core's Traversal Zone must point to the FQDN of the Cisco Expressway Edge that resolves to the public IP address for the following reason. With Static NAT Mode, you enter the public IP address of the Cisco Expressway Edge so that it replaces the embedded private IP address with the public IP address inside the SIP INVITE. The Cisco Expressway Edge therefore expects inbound signaling and media from the Expressway Core to be sent to the public IP address instead of the private IP address. Without NAT Reflection, the traversal connection will not be established.
On Cisco Secure Firewall (formerly Firepower Threat Defense), NAT Reflection is implemented using Manual NAT as shown below:
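The following is an added example, not taken from the original page: the Manual NAT rule in the ASA-style form that `show running-config nat` displays on the device. The interface names (`inside`, `dmz`), object names and all addresses are constructed assumptions, with the Expressway-C and Expressway-E assumed to sit behind different firewall interfaces.

```text
! Constructed sample values (assumptions, not from the original page):
!   Expressway-C (inside)        10.0.30.2
!   Expressway-E private (dmz)   10.0.10.2
!   Expressway-E public          203.0.113.10  (documentation range)

object network EXPC-PRIVATE
 host 10.0.30.2
object network EXPE-PRIVATE
 host 10.0.10.2
object network EXPE-PUBLIC
 host 203.0.113.10

! Manual NAT rule, type Static:
!   Original source        EXPC-PRIVATE  ->  Translated source        EXPC-PRIVATE (unchanged)
!   Original destination   EXPE-PUBLIC   ->  Translated destination   EXPE-PRIVATE
! Traffic from the Expressway-C to the public address is delivered to the
! Expressway-E's private address; replies are translated back so the
! Expressway-C sees them coming from the public address.
nat (inside,dmz) source static EXPC-PRIVATE EXPC-PRIVATE destination static EXPE-PUBLIC EXPE-PRIVATE
```

The access control policy must also permit this flow, and it is matched against the real (private) address of the Expressway-E rather than the public one. Running `packet-tracer` on the firewall for a flow from the Expressway-C address to the public address confirms that the destination is untranslated to the private address.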