
Cisco ASA NAT issue

qutub.siddiqui
Level 1

I am experiencing an issue which relates to twice NAT. 

Two environments are set up with the same subnet IDs. The requirement now is to let a host in Environment A talk to a host in Environment B.

The real source (x.x.x.x) and destination (x.x.x.x) IPs belong to the same subnet, and NAT already exists to translate the destination subnet's IPs to other IPs (y.y.y.y) so they can talk to other networks.

Requirement:

Host 1.1.1.1/24 in Environment A needs to talk to node (1.1.1.20/24) in Environment B 

The Environment B inside interface of the ASA (image using 9.13) is already translating 1.1.1.20/24 to 3.3.3.20/24 using static NAT, entering from the outside interface.

If you have any solution to it, let me know.

 

Warm Regards,


Rishabh Seth
Level 7

Hi Qutub,

 

>>For the requirement stated above, you would require two global IPs for each side of the communication. 

>> As you cannot have two interfaces on the ASA in the same subnet, I am assuming that you have your HOSTA communicating over VPN to HOSTB.

>> You will have to translate both the source IP and the destination IP.

E.g.:

>>You would need a global IP for traffic coming from HOSTA.

>>Also would require global IP for traffic coming from HOSTB. 

 

Please share:

>> the output of show ip.

>> Details of the topology, is the traffic coming over VPN?

>> Does the user initiate traffic on the global IP (3.3.3.3)?

>> What are the global IP addresses?

 

Thanks,

R.Seth
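
Added example, not part of the original posts: a small Python model of the two translations described in the reply above, showing why translating only the destination fails when both hosts sit in 1.1.1.0/24. The addresses come from the thread except 192.0.2.10, a hypothetical global IP for the Environment A host; the function and variable names are illustrative.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

# Constructed values: addresses from the thread, plus 192.0.2.10 as a
# hypothetical global IP for the Environment A host.
INSIDE_B = ipaddress.ip_network("1.1.1.0/24")  # Environment B inside subnet
DST_MAP = {"3.3.3.20": "1.1.1.20"}             # existing static NAT (mapped -> real)
SRC_MAP = {"1.1.1.1": "192.0.2.10"}            # added source translation (real -> mapped)

def inbound(pkt, translate_source):
    """Translate a packet entering Environment B from the outside."""
    dst = DST_MAP.get(pkt.dst, pkt.dst)
    src = SRC_MAP.get(pkt.src, pkt.src) if translate_source else pkt.src
    return Packet(src, dst)

def reply_reaches_firewall(delivered):
    """Host B hands the reply to its gateway only if the peer is off-link."""
    return ipaddress.ip_address(delivered.src) not in INSIDE_B

def outbound(reply):
    """Reverse both translations for the reply leaving Environment B."""
    rev_src = {real: mapped for mapped, real in DST_MAP.items()}
    rev_dst = {mapped: real for real, mapped in SRC_MAP.items()}
    return Packet(rev_src.get(reply.src, reply.src),
                  rev_dst.get(reply.dst, reply.dst))

def round_trip(translate_source):
    """Return (packet seen by host B, reply seen by host A or None)."""
    request = Packet("1.1.1.1", "3.3.3.20")
    delivered = inbound(request, translate_source)
    if not reply_reaches_firewall(delivered):
        return delivered, None  # host B looks for 1.1.1.1 on its own LAN
    reply = Packet(delivered.dst, delivered.src)
    return delivered, outbound(reply)

if __name__ == "__main__":
    for translate_source in (False, True):
        print(translate_source, round_trip(translate_source))
```

With destination-only translation the reply never returns to the firewall, because host B treats 1.1.1.1 as a neighbour on its own subnet; with both fields translated the reply comes back as 3.3.3.20 to 1.1.1.1.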

 

Hi Seth,

 

There is no VPN connectivity involved.

The user initiates traffic on the NAT IP (in this case user 1.1.1.1 tries to connect to 10.1.1.20).

 

Attached is the topology and all related detail, which will give you the right understanding.

 

Thanks
