Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
520
Views
5
Helpful
1
Replies

ASAv in Azure, need NAT help

John Johnson
Level 1
Level 1

‎02-22-2018 12:59 PM - last edited on ‎02-21-2020 11:35 PM by Community Manager

We are working a proof of concept in the Azure Cloud and I am running into a few issues using the Internal Load Balancer that Azure offers.  I have been informed by Azure support that their internal Load Balancers will drop any traffic with a public ip source address and because of this i need to NAT all inbound public source ip addresses to the inside interface ip address.

For example:  At home you are assigned x.x.x.x as a public ip address and attempt to access a website i have in Azure.  When your IP Address of x.x.x.x hits my ASAv it needs to be NAT to my inside interface ip address of y.y.y.y otherwise the webserver behind the load balancer does not know where to return the traffic.

Also, if anyone has experience with ASAv and Azure Load Balancers please feel free to offer suggestions.

Please feel free to ask any questions for clarification.

 

Thanks in Advance

John

Labels:
0 Helpful
1 Reply 1

Flavio Miranda
VIP
VIP

‎02-23-2018 04:28 AM

Hi @John Johnson

 There are some inconsistency in the explanation. First, make no sense Azure say that if the IP is a public one they can't reply. If you try to access from home where you have only on public IP connected to your PC, why on Earth they can't reply?

 Well, but it is up to them, right?

 Now, my second doubt. How is your ASA connected to the Azure?  And what is the final goal here.

 If you have a firewall, it is supposed that the objective is filter traffic behind this firewall. What do you mean by "At home you are assigned x.x.x.x as a public ip address and attempt to access a website i have in Azure.  When your IP Address of x.x.x.x hits my ASAv it needs to be NAT to my inside interface ip address of y.y.y.y "

 How would be possible that a home public IP address could hit the firewall? 

 And how is it possible that the firewall inside interface is able to talk with Azure, which I assume is on the Internet?

 Please, try to elaborate this and if possible send us a simple draw.

 Sorry for so many questions but the objective here is try to help you.

 

-If I helped you somehow, please, rate it as useful.-

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card