Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1588
Views
10
Helpful
2
Replies

Static NAT understanding

Go to solution
mikolajkoziel94
Level 1
Level 1

‎03-21-2019 04:33 PM

Hi, I am just trying to understand better how does the NAT work and I have problem to understand the topology below. The question which I have is: why the link between firewall and the router is using public address, rather then private ? The router to which firewall is connected has already a public address on its interface, so if we are mapping a private address to the public, in this case hosts: Main File Server and Development Server, is that necessary that the Firewall have to have a public IP address on its link to the router, even if a router behind has a public IP?

static_NAT.PNG

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
luis_cordova
VIP Alumni
VIP Alumni

‎03-21-2019 09:00 PM

Hi @mikolajkoziel94 ,

 

I share my impression:

Apparently, the process of translating private addresses to public addresses does so before routing packets outside the LAN.

This is not the usual procedure, but it is possible and it may be that the search for IP from end to end is more difficult.

Moreover, if you wanted, you could translate the public addresses used in the LAN by other public addresses in the border router.

 

Regards

View solution in original post

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎03-21-2019 09:20 PM

Hi

Your router has an ip which is in the same subnet of the fw outside interface and then it's connected to internet.
Maybe this router shows your ISP router.
Your firewall had a public IP and you want your hosts to reach internet and also maybe to be accessed from outside. That's why you're doing natting on your firewall.
If the interconnection between your FW and your router was private you might have configured nat onto the router (except specific use case like your isp router is connected to asa using a private address but not capable to have multiple inside subnets or additional static routes. In this case you would have done nat to nat all subnets to a global private address within the range connecting your FW and switch)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

2 Replies 2

Go to solution
luis_cordova
VIP Alumni
VIP Alumni

‎03-21-2019 09:00 PM

Hi @mikolajkoziel94 ,

 

I share my impression:

Apparently, the process of translating private addresses to public addresses does so before routing packets outside the LAN.

This is not the usual procedure, but it is possible and it may be that the search for IP from end to end is more difficult.

Moreover, if you wanted, you could translate the public addresses used in the LAN by other public addresses in the border router.

 

Regards

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎03-21-2019 09:20 PM

Hi

Your router has an ip which is in the same subnet of the fw outside interface and then it's connected to internet.
Maybe this router shows your ISP router.
Your firewall had a public IP and you want your hosts to reach internet and also maybe to be accessed from outside. That's why you're doing natting on your firewall.
If the interconnection between your FW and your router was private you might have configured nat onto the router (except specific use case like your isp router is connected to asa using a private address but not capable to have multiple inside subnets or additional static routes. In this case you would have done nat to nat all subnets to a global private address within the range connecting your FW and switch)

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Customers Also Viewed These Support Documents