Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
367
Views
0
Helpful
2
Replies

NAT / identity NAT / twice NAT question on ASA 9.4

Andrew Hernandez
Level 1
Level 1

‎08-14-2017 04:48 PM - edited ‎03-12-2019 02:49 AM

Greetings,

I recently implemented a static NAT from an inside address (NLBip) to an outside static public address.  The server(s) are working as designed and the site is accessible via HTTP/S externally.  There two servers behind the NLB address, they're setup in a active/backup configuration and  in the same subnet as the NLB address.  However, I'm able to hit the NLB address internally, also over VPN when not in the office, unless I remove the outside NAT statement.  

I also setup a packet capture, from my VPN address to the NLB address, and no packets increment and that was with and without the static NAT.

Would this be something a twice NAT or identity NAT could fix?

NAT config: nat (NLBint,Outside) source static obj-sourceNLBip obj-destPUB

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

Mohammad Alhyari
Cisco Employee
Cisco Employee

‎08-15-2017 05:41 AM

When connected to the vpn:

1- Do you try to access the server using the external [public address] or the internal one?

2- Do you access the server via name or ip address?

Moh,

0 Helpful

Andrew Hernandez
Level 1
Level 1
In response to Mohammad Alhyari

‎08-15-2017 07:40 AM

1- Do you try to access the server using the external [public address] or the internal one? [ah-the internal address, both of the addresses (VPN and server address) live on the same ASA]

2- Do you access the server via name or ip address? [ah-Ip address]

-Andrew

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card