Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2393
Views
0
Helpful
4
Replies

ASA 5505 NAT Reflection

Chi Fai Leung
Level 1
Level 1

‎12-12-2014 10:01 PM - edited ‎03-11-2019 10:13 PM

Hi,

Our have a software must setup a public IP address to connect the inside server (assigned a inside IP address) at outside, that made the NAT on the outside ASA 5505 fw.

inside server (192.168.10.152) --- FW (NAT 1:1 192.168.10.152  <> 202.32.48.152) ---- Outside client (connect 202.32.48.152)

Now the outside client will be traversal between inside and outside and the client software will not support the DNS ... Is it possible I set the NAT Reflection on ASA 5505? Have this function on ASA 5505?

Labels:
0 Helpful
4 Replies 4

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎12-13-2014 03:37 AM

Hi,

Do you want to access the Server on the Public IP from the Inside Interface ?

If yes , we can make some NAT statement which can resolve this issue.

Please let me know which version you are using on the ASA device ?

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Chi Fai Leung
Level 1
Level 1
In response to Vibhor Amrodia

‎12-13-2014 07:23 AM

Hi,

Yes, I want to access the Public IP address from inside interface ... the client will access 202.32.48.152 in inside, then the ASA fw should return back the 192.168.10.152 (NA reflection function) ...

My ASA 5505 version:

ASA Version: 8.2(1)
ASD Version: 6.2(1)

0 Helpful

Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to Chi Fai Leung

‎12-15-2014 04:42 AM

Hi,

So , at this moment , you would have something like this NAT configured:-

static (inside,outside) 202.32.48.152 192.168.10.152

You would need to create this statement on the ASA device:-

static (inside,inside) 202.32.48.152 192.168.10.152

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Joe Doran
Level 1
Level 1
In response to Chi Fai Leung

‎06-04-2015 09:16 PM

Depending on your requirements you may be able to get away with a DNS rewrite.

You have a public A record that resolves to 202.32.48.152. You have a NAT statement for 192.168.10.152 <-> 202.32.48.152. And you want to access 192.168.10.152 when you are on the inside. You can perform a DNS rewrite to cause the ASA to intercept and rewrite the DNS Answer to the query for the A record that publically returns 202.32.48.152. The ASA would rewrite 202.32.48.152 to 192.168.10.152. Your internal client would have no awareness of any of this and proceed to access 192.168.10.152.

 

I hope that helps someone.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card