
Inbound policy NAT on FWSM

axa_tech_uk
Level 1

Hi,

I'm struggling with a piece of configuration in our data centre. We are trying to deliver email synchronisation to iPhone/iPad clients using the Microsoft ActiveSync protocol.

In the data centre we use FWSM firewall running OS 4.1(3) and use CSM 4.0 to manage them.

To do this I have a registered public IP address mapped to a URL which is configured with a static destination NAT (public-to-private). However, because the application architecture design is so challenging, I have user authentication servers in my DC tier 2 application layer and not my tier 1 (public) environment.

So, I do not want to allow a source address of "any" down into T2 and need to apply a source_NAT to the inbound packet from the Internet client.

I believe I need to create a dynamic policy NAT configuration. I have configured this every which way but loose, but the NAT is not happening. The connection still shows as a public IP address when it reaches my T2 firewall logs.

Does anyone have a link to creating an inbound source_NAT configuration?

Cheers

Dave

1 Reply

brquinn
Level 1

Dave,

When you configure dynamic policy NAT from outside to inside, you need to use the "outside" keyword on your NAT statements.

Ex:

nat (outside) 10 access-list outside_nat outside

global (inside) 10 10.10.10.1

Does this help? If not, can you share an example of the configuration that didn't work?

Thanks,

Brendan
