02-14-2019 04:27 PM - edited 02-21-2020 08:49 AM
I think I need a twice NAT, but I have never done one and it's confusing to me.
My scenario is this:
Client A = 10.81.113.10
Server B = 10.0.1.4
Site A has Client A
Site B has Server B
Client A cannot hit Server B on its IP address (real IP). Server B sits behind an ASA. I have created a one-to-one NAT for Client A to hit 172.16.3.4 rather than 10.0.1.4.
object network SERVER_EXTERNAL_NAT_IP
 host 172.16.3.4
object network SERVER_INTERNAL_IP
 host 10.0.1.4
object network SERVER_INTERNAL_IP
 nat (inside,outside) static SERVER_EXTERNAL_NAT_IP
So from Client A to that server, communication works. Now here is the issue. Because Client A has an application that is set to talk to 172.16.3.4, when Server B makes a connection to Client A it uses its real IP of 10.0.1.4 and the application doesn't understand that. So how do I make sure when the server communicates out to JUST Client A that its source IP is 172.16.3.4?
02-14-2019 04:39 PM
Hi
You can use the following commands:
object network SERVER_EXTERNAL_NAT_IP
 host 172.16.3.4
object network SERVER_INTERNAL_IP
 host 10.0.1.4
object network CLIENTA
 host x.x.x.x
!
nat (inside,outside) source static SERVER_INTERNAL_IP SERVER_EXTERNAL_NAT_IP destination static CLIENTA CLIENTA no-proxy-arp route-lookup
Test it and let me know.
Also, if not working, run the following command and paste the output into a text file:
packet-tracer input inside icmp 10.0.1.4 8 0 x.x.x.x —> where x.x.x.x is client A IP
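An added illustration, not part of the reply above and not Cisco code: a small Python model of the matching logic of the twice NAT rule suggested in this reply, using Client A's address 10.81.113.10 from the question in place of x.x.x.x. It models only that one rule (not the object NAT from the question or the ASA's rule ordering); the class name and the second host 10.81.113.20 are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address as ip


@dataclass(frozen=True)
class TwiceNat:
    """Model of: source static REAL MAPPED destination static PEER PEER."""
    real_src: str    # SERVER_INTERNAL_IP
    mapped_src: str  # SERVER_EXTERNAL_NAT_IP
    peer: str        # CLIENTA (identity-mapped, so it is never rewritten)

    def outbound(self, src, dst):
        """inside -> outside: rewrite the source only if source AND destination match."""
        if ip(src) == ip(self.real_src) and ip(dst) == ip(self.peer):
            return self.mapped_src, dst
        return src, dst  # no match: this rule leaves the packet untouched

    def inbound(self, src, dst):
        """outside -> inside: the static mapping is bidirectional, so undo it."""
        if ip(src) == ip(self.peer) and ip(dst) == ip(self.mapped_src):
            return src, self.real_src
        return src, dst


# Addresses from the thread; 10.81.113.20 is a constructed "other host" at Site A.
RULE = TwiceNat("10.0.1.4", "172.16.3.4", "10.81.113.10")


def demo():
    """Return (src, dst) after the rule for four sample flows."""
    return {
        "server_to_client_a": RULE.outbound("10.0.1.4", "10.81.113.10"),
        "server_to_other": RULE.outbound("10.0.1.4", "10.81.113.20"),
        "client_a_to_server": RULE.inbound("10.81.113.10", "172.16.3.4"),
        "other_to_mapped": RULE.inbound("10.81.113.20", "172.16.3.4"),
    }


if __name__ == "__main__":
    for flow, (src, dst) in demo().items():
        print(f"{flow:20} src={src:14} dst={dst}")
```

On the ASA itself, the packet-tracer command in this reply is the way to confirm which NAT rule a given flow actually hits.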
02-15-2019 05:51 AM
02-15-2019 06:17 AM
I think what I am trying to accomplish is impossible.
Let's say I have Server B at site B, one single network card, 10.0.1.2. Local things connect to 10.0.1.2, but when I create the NAT for Site A to connect to it on 172.16.3.4, the local communication stops working? Is it because of the NAT on the firewall?
02-15-2019 07:33 AM - edited 02-15-2019 07:34 AM
If it only has one NIC card, yes. It can either support one rule (without NAT or with NAT). To accomplish that, I would do it with two NIC cards, one for the local network and the other for external, and add routing rules on the server.
02-15-2019 08:20 AM