Can we create a static Public to Private NAT Translation from a public address on [ASA 5540 B] to a host on [Layer 3 Core Switch with hosts A]?
Let's say the outside IP is 184.108.40.206, the inside interface is 172.20.20.1/24 and the MPLS host is 192.168.20.20.
The desired translation is:
static (inside,outside) 220.127.116.11 192.168.20.20 netmask 255.255.255.255 dns
We can ping the host in question from the inside interface of [ASA 5540 B].
Currently, I'd imagine this not working because ultimately one of the routers would see a request from 192.168.20.20 and continue routing it back to segment A, and it would never get back to segment B. There are a couple of ways around this, and all involve using a private IP on host B for the translation, but I don't want to create a bunch of NAT statements across our MPLS network.
Again, I don't think this can work, but I'm hoping against hope that there's a way.
Pretty sure this won't work, but... ASA 5540 static NAT public
The answer to your question is yes, you can NAT host A on ASA 5540 B.
However, how are you routing the traffic from host A? What is the default gateway for host A? If the default gateway for host A is MPLS Router A, and it routes towards MPLS Router B and so on towards Internet B, then yes, it would all work.
However, if the default gateway of host A is ASA 5510A, then you might need to change the default gateway to MPLS Router A, and if MPLS Router A's default route is somewhere else but MPLS Router B, then you might want to do some PBR for host A so it is being routed towards ASA5540B.
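The policy-based routing suggested in the answer above, as an added example that is not part of the original thread: it keeps the host's Internet-bound replies on the path back to ASA 5540 B, so they return through the firewall that holds the static translation and the connection state. The ACL and route-map names, the interface name and the next hop 192.0.2.2 are assumptions; the next hop is assumed to be directly connected and on the path toward MPLS Router B.

```cisco
! Added example: names, interface and next hop are assumptions, not from the thread.
! Apply on the router that is host A's default gateway (MPLS Router A in the answer).
!
ip access-list extended HOSTA-VIA-ASA-B
 ! Traffic to internal (RFC 1918) destinations stays on the normal routing table
 deny   ip host 192.168.20.20 10.0.0.0 0.255.255.255
 deny   ip host 192.168.20.20 172.16.0.0 0.15.255.255
 deny   ip host 192.168.20.20 192.168.0.0 0.0.255.255
 ! Everything else from the host is Internet-bound and must leave via ASA 5540 B
 permit ip host 192.168.20.20 any
!
route-map HOSTA-PBR permit 10
 match ip address HOSTA-VIA-ASA-B
 ! 192.0.2.2 is a placeholder for the adjacent next hop toward MPLS Router B
 set ip next-hop 192.0.2.2
!
interface GigabitEthernet0/1
 description LAN facing host A (hypothetical interface name)
 ip policy route-map HOSTA-PBR
!
! Verification: confirm the policy is attached and its match counters increase
! show ip policy
! show route-map HOSTA-PBR
```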