Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
764
Views
0
Helpful
2
Replies

asa 5510 nat

jschweng
Level 1
Level 1

‎12-16-2010 07:06 PM - edited ‎03-11-2019 12:23 PM

we have an ASA5510 cluster pair with our managment network behind it.  There is one server on the inside interface that has to provide network management to serveral remote networks.   Each network is connected through routers directly attached to seperate interfaces on the ASA's.  However two of hte networks are using identical subnets so we need to NAT. we have to be able to route out to the remote networks from the mgt network, and receive in snmp traps.

So could we configure a one to one  NAT on the ASA's outside interface to one of the remote networks?

If the network is for example 192.168.1.0 at both remote sites, the interfaces were  RM2 and RM2, if we were to static NAT this network to 192.168.2.0 - then what routes would we put on the asa?

would we add one route to 192.168.1.0 out RM1 and one to 192.168.2.0 out RM2?

Labels:
0 Helpful
2 Replies 2

Maykol Rojas
Cisco Employee
Cisco Employee

‎12-16-2010 07:50 PM

Hi Martin,

I hope you are doing fine. So, it is like you have to manage some routers that are attached to different interfaces of the firewall, but, 2 of the routers have the same subnet as the internal server is that correct?

Could you attach a diagram of what you are trying to do? I think one thing that you can do is apply a  policy nat so your management server is translated to a different IP when they are going to the subnets in conflict.

Let me know.

Mike

Mike
0 Helpful

Renato Morais
Level 1
Level 1

‎12-16-2010 10:51 PM

Let's use your example. The network address is 192.168.1.0 at both remote sites and you have the interfaces RM1 and RM2 connected to the routers. Let's say that the addresses of the routers are 192.0.2.254 and 192.0.3.254. You can set the ASA to route the traffic to both networks using the following commands:

static (RM1,inside) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (RM2,inside) 192.168.2.0 192.168.1.0 netmask 255.255.255.0

!

route RM1 192.168.1.0 255.255.255.0 192.0.2.254 1
route RM2 192.168.1.0 255.255.255.0 192.0.3.254 2

You won't see the route for RM2 in the routing table, nevertheless it will be used because the static statement forces the traffic to go through that interface.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card