NAT Public IP to Private IP for AWS

ajemery9
Level 1

Hi,

We currently use a public /24 IP range for a server network. We just had a request to access a server in this network over an AWS VPC; however, AWS does not support connecting to public IPs. Is there a way I can NAT this to a private IP to allow our AWS VPC to connect to this over the VPN tunnel between us?

6 Replies

@ajemery9 Yes, you can do that. You don't say what device you are using, so I assume ASA. Here is an example: translate the original source network to the translated source network when sending traffic to the AWS networks.

nat (INSIDE,OUTSIDE) source static ORIGINAL_SRC TRANSLATED_SRC destination static AWS_NET AWS_NET

Create network objects for the objects referenced in the NAT rule.

Hi Rob, yes, this is an ASA. I thought we could do it this way but wasn't 100% sure. For the private IP, should I just pick a range that isn't in use currently and make this my "private NAT" range? I'm sure they will need access to more servers on-prem in the future.

@ajemery9 Yes, pick an unused private IP address range and dedicate it to this AWS VPN NAT.

@Rob Ingram I have the following configured, but it doesn't seem to be working. Am I missing something?

Hypothetical IPs:

Server IP - 1.2.3.4 

AWS NAT - 192.168.1.10 

AWS Range - 10.240.0.0/16

nat (Inside,Outside) source static SERVER_IP AWS_NAT destination static AWS_RANGE AWS_RANGE

access-list filter_aws extended permit tcp object AWS_RANGE object SERVER_IP eq 8000

route Outside 192.168.1.0  255.255.255.0  OUTSIDE_INTERFACE_IP
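Putting Rob's answer together with the hypothetical addresses posted above, here is an added worked ASA configuration (not from either poster) showing the object definitions the NAT rule needs, the twice-NAT rule itself, the inbound filter, and the VPN interesting-traffic ACL. The interface names Inside/Outside and the crypto ACL name AWS_VPN_ACL are assumptions; the addresses are the hypothetical ones from the thread. The point the posted config does not show: on the ASA, NAT is applied before crypto-map matching, so the VPN interesting-traffic ACL (and the on-prem prefix configured on the AWS side) must use the translated address 192.168.1.0/24, while the interface access-list keeps matching the real address 1.2.3.4.

```cisco
! Network objects referenced by the NAT rule (names/addresses as posted; assumed interface names)
object network SERVER_IP
 host 1.2.3.4
object network AWS_NAT
 host 192.168.1.10
object network AWS_RANGE
 subnet 10.240.0.0 255.255.0.0
!
! Twice NAT: when 1.2.3.4 talks to 10.240.0.0/16 it is presented as 192.168.1.10;
! static = bidirectional, so AWS connecting to 192.168.1.10 is untranslated to 1.2.3.4
nat (Inside,Outside) source static SERVER_IP AWS_NAT destination static AWS_RANGE AWS_RANGE
!
! Inbound filter on the Outside interface matches the REAL (pre-translation) address
access-list filter_aws extended permit tcp object AWS_RANGE object SERVER_IP eq 8000
access-group filter_aws in interface Outside
!
! VPN interesting traffic (crypto ACL) must use the TRANSLATED address;
! the matching AWS-side VPN prefix for the on-prem network is 192.168.1.0/24, not the public /24
access-list AWS_VPN_ACL extended permit ip object AWS_NAT object AWS_RANGE
!
! Verification from enable mode (exec commands, not config):
!   show nat detail
!   packet-tracer input Outside tcp 10.240.0.5 12345 192.168.1.10 8000 detailed
!   packet-tracer input Inside tcp 1.2.3.4 8000 10.240.0.5 12345 detailed
```

The two packet-tracer runs show, phase by phase, whether the NAT rule is hit, whether the ACL permits the flow, and whether the packet is sent into the VPN; an "UN-NAT" phase missing on the inbound trace, or a "VPN" phase missing on the outbound trace, points at the NAT rule or the crypto ACL respectively.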

balaji.bandi
Hall of Fame

As per the information, technically possible, I guess.

"however aws does not support connecting to public IP's"

Somehow I am not convinced by this statement; why is AWS not able to connect to a public IP?


https://docs.aws.amazon.com/whitepapers/latest/cross-domain-solutions/connecting-on-premises-infrastructure.html


BB


This is the error they are getting when trying to add the public IP on the AWS side.
