Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
568
Views
0
Helpful
3
Replies

Doulble Nat with PAT

pmcglory
Level 1
Level 1

‎09-06-2011 02:59 AM - edited ‎03-11-2019 02:21 PM

I have two RFC1918 domains I wish to connect, can I use double NAT with PAT so that each domain is represented as one single ip address with each session a port of that address-

The link is a private point to point link with a /32 mask so could I use this as the PAT address???

Regards

Labels:
0 Helpful
3 Replies 3

varrao
Level 10
Level 10

‎09-06-2011 03:37 AM

Hi,

Yes you can use that, but I wouuld like if you can explain it with an example and the subnets that you are working with and what do you mean by double nat??? Is it multiple nat statements with a single pat statement?? Wat version are you using?

-Varun

Thanks,
Varun Rao
0 Helpful

pmcglory
Level 1
Level 1
In response to varrao

‎09-06-2011 05:47 AM

Hi Varun,

Its a bit rough but you get the idea. This is a proposal so I may buy a pair of ASA's if this works.

Regards

Pmcg

0 Helpful

varrao
Level 10
Level 10
In response to pmcglory

‎09-06-2011 06:04 AM

Hi Pmcg,

If I go by the topology, I see what you mean by double nat, I guess you would do natting for the same traffic twice, once on the 1st firewall and the then on the 2nd firewall.

As per it, yes you can do it, no issues.

Let me explain the scenario:

lets say the machine, 10.1.1.1 needs to access the other hosdt 10.1.1.1 behind the second firewall, so what you would need is, you would need to first translate the destination on the first firewall, since it has the same subnet as well:

static (outside,inside) 20.1.1.1 10.1.1.1

which means the source machine should send a request to the machine 20.1.1.1, when this request hits the first firewall, it would untranslate the 20.1.1.1 to 10.1.1.1 and send it to the 2nd firewall.

On the first firewall you would also need to translate the source as well:

nat (inside) 1 0.0.0.0 0.0.0.0

global (inside) 1 interface

Now on the second firewall,. it would see the request coming from the interface ip of the first firewall, so you need an access-list on the outside interface to permit the traffic.

and

static (inside,outside) 10.1.1.1 10.1.1.1

This is just a single example, so according to your requirement. So before going for it, make sure you have all your requirements clearly defined with the whole network topology.

Hope this was helpful.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card