Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

146
Views
0
Helpful
0
Replies
Highlighted
Subhasis.Dutta
Beginner
Beginner
‎05-11-2018 09:06 AM
‎05-11-2018 09:06 AM

NAT on Same Interface

Hi,

 

My application group want to want to access application hosted in same subnet via it's NATted IP address.

 

Source: 10.10.10.1

Destination: 10.10.10.2

NAT: 30.30.30.30

 

 

Firewall have only two zone outside and inside.

 

Both source and destination IP located in same subnet and application group access this application which is hosted in 10.10.10.2 from source host 10.10.10.1 through using url (external DNS map with 30.30.30.30 and natted with 10.10.10.2).

 

This communication is not working in below configuration.

 

obj-10.10.10.0

subnet 10.10.10.0 255.255.255.0

object network source

host 10.10.10.2

nat (inside,outside) static 30.30.30.30 

 

nat (inside,outside) after-auto source dynamic obj-10.10.10.0 interface

 

access-list acl_inside extended permit tcp any4 any4 eq 80

access-list acl_inside extended permit tcp any4 any4 eq 443

 

access-list acl_outside extended permit tcp any4 10.10.10.2 eq 80

access-list acl_outside extended permit tcp any4 10.10.10.2 eq 443

 

route outside 0.0.0.0 0.0.0.0 30.30.30.254

 

can we configure like this to resolve this issue:

object network source-in

host 10.10.10.2

nat (inside,inside) static 30.30.30.30

Labels:
0 Helpful
Reply
Latest Contents
How to Integrate Cisco Identity Services Engine with IBM Maa...
Created by pavagupt on 05-29-2020 12:45 AM
0
10
0
10
IntroductionComponentsIBM MaaS360 ConfigurationISE ConfigurationOnboard and validating access from Windows ClientEnrolling Windows 10 against IBM MaaS 360   Introduction Cisco Identity Services Engine (ISE) gives you intelligent Integrated protectio... view more
AMP4E - Cisco Threat Response and ESA Integration
Created by bremarqu on 05-27-2020 09:16 AM
0
0
0
0
Hello, This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.   This is live on the portal:https://video.cisco.com/video/6159336218001   And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg   ... view more
Migrate from C170 to C190
Created by fhk_license on 05-26-2020 02:24 AM
3
0
3
0
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
DGTL-BRKSEC-1011 - A Challenger Appears: Defending Mailboxes...
Created by chclasen on 05-20-2020 09:43 AM
0
0
0
0
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense. Join Techn... view more
ASA Image won't stay
Created by Senbonzakura on 05-19-2020 12:19 PM
3
0
3
0
I've fixed this before but now I'm running into a different type of an issue. My firewall isn't booting to the image so I have to keep reloading the image onto the ASA. Any help would be appreciated. Also my Config-Register is set to 0x1. As of right now,... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad