Static NAT understanding

mikolajkoziel94
Level 1

Hi, I am just trying to understand better how NAT works, and I have a problem understanding the topology below. The question I have is: why is the link between the firewall and the router using a public address rather than a private one? The router to which the firewall is connected already has a public address on its interface, so if we are mapping a private address to a public one, in this case for the hosts Main File Server and Development Server, is it necessary for the firewall to have a public IP address on its link to the router, even if the router behind it has a public IP?

static_NAT.PNG

Accepted Solutions

luis_cordova
VIP Alumni

Hi @mikolajkoziel94,

I share my impression:

Apparently, the translation of private addresses to public addresses is done before routing packets outside the LAN.

This is not the usual procedure, but it is possible, and it may be that the search for IP from end to end is more difficult.

Moreover, if you wanted, you could translate the public addresses used in the LAN to other public addresses on the border router.

Regards

Francesco Molino
VIP Alumni
Hi

Your router has an IP which is in the same subnet as the FW outside interface, and then it's connected to the internet.
Maybe this router shows your ISP router.
Your firewall had a public IP and you want your hosts to reach the internet and also maybe to be accessed from outside. That's why you're doing NAT on your firewall.
If the interconnection between your FW and your router was private, you might have configured NAT on the router (except for a specific use case, like your ISP router being connected to the ASA using a private address but not being capable of having multiple inside subnets or additional static routes. In this case you would have done NAT to translate all subnets to a global private address within the range connecting your FW and switch).

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
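
Added example, not part of the original thread or either answer: a small Python model of the edge router's forwarding decision for inbound traffic to the statically NATed servers, comparing a public firewall-router link with a private one. All addresses and the names `FW_STATIC_NAT`, `router_lookup` and `inbound` are constructed for illustration, since the addresses from the thread's diagram are not on the page.

```python
import ipaddress

# Constructed addressing (RFC 5737 / RFC 1918 ranges), not from the thread's diagram.
# Static NAT on the firewall: mapped (public) address -> real (private) server.
FW_STATIC_NAT = {
    "203.0.113.5": "10.0.0.10",  # Main File Server
    "203.0.113.6": "10.0.0.20",  # Development Server
}

def router_lookup(dst, connected, static_routes):
    """Longest-prefix match on the edge router.

    Returns ('connected', subnet), ('static', next_hop) or ('no_route', None).
    """
    addr = ipaddress.ip_address(dst)
    candidates = [(ipaddress.ip_network(n), "connected", n) for n in connected]
    candidates += [(ipaddress.ip_network(n), "static", hop)
                   for n, hop in static_routes.items()]
    matches = [c for c in candidates if addr in c[0]]
    if not matches:
        return ("no_route", None)
    # max() keeps the first of equal prefixes, so connected wins a tie.
    best = max(matches, key=lambda c: c[0].prefixlen)
    return (best[1], best[2])

def inbound(dst, connected, static_routes=None):
    """Trace an inbound packet from the edge router towards the real server.

    Assumption: any matching route leads to the firewall, which answers on the
    link for its mapped addresses.
    """
    kind, _ = router_lookup(dst, connected, static_routes or {})
    if kind == "no_route":
        return f"router cannot deliver {dst}"
    real = FW_STATIC_NAT.get(dst)
    if real is None:
        return f"firewall has no static NAT for {dst}"
    return f"{dst} -> firewall -> {real}"

WAN = "198.51.100.0/30"                   # router's ISP-facing link (constructed)
PUBLIC_LINK = ["203.0.113.0/28", WAN]     # FW-router link numbered from the public block
PRIVATE_LINK = ["192.168.255.0/30", WAN]  # same link renumbered with private space

if __name__ == "__main__":
    print(inbound("203.0.113.5", PUBLIC_LINK))
    print(inbound("203.0.113.5", PRIVATE_LINK))
    print(inbound("203.0.113.5", PRIVATE_LINK, {"203.0.113.0/28": "192.168.255.2"}))
```

With the public link the mapped addresses are on a subnet the router is directly connected to, so no extra configuration is needed on the router; with the private link the router needs a static route for the mapped block or has to do the NAT itself.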
