04-26-2017 12:28 AM - edited 03-12-2019 02:16 AM
Hi!
Please help me to configure NAT for a server to the internet. The subnet lies on the Internet router. The Internet router has one primary address and two secondary IPs configured. I want to publish the server using a secondary subnet of the Internet router interface, which is not on the ASA interface. Kindly see the attachment for a rough diagram. All the addresses on the Internet router are public addresses. The required route has been added on the router, pointing to the ASA outside interface.
Thanks,
04-26-2017 06:40 AM
I am assuming the things below for providing a suggestion; please correct me if I am wrong.
- The server is in the bb.bb.bb.0 subnet and its gateway is the outside interface of the ASA.
- The incoming traffic from the internet to the server and the reply packets from the server will both be u-turned off the outside interface of the ASA.
On the basis of this assumption, we can create a NAT statement something like:
object network obj-bb.bb.bb.x
 host bb.bb.bb.x
nat (outside,outside) source static network obj-bb.bb.bb.x network obj-bb.bb.bb.x
! this would enable the ASA to proxy ARP on behalf of the server, which is in a different subnet from the ASA itself
arp permit-nonconnected
! to allow u-turn traffic
same-security-traffic permit intra-interface
Try this in a downtime and see if it works.
05-01-2017 10:05 PM
I have tried the above solution. That was not working.
Thanks
05-03-2017 05:42 AM
Could you please provide a running config snapshot and also attach some syslogs from when you are trying to access?
-AJ