10-25-2022 10:49 AM
Hi,
We currently use a public /24 IP range for a server network. We just had a request to access a server in this network over an AWS VPC; however, AWS does not support connecting to public IPs. Is there a way I can NAT this to a private IP to allow our AWS VPC to connect to this over the VPN tunnel between us?
10-25-2022 10:56 AM
@ajemery9 yes, you can do that. You don't say what device you are using, so I assume ASA. Here is an example: translate the original source network to the translated src network when sending traffic to the AWS networks.
nat (INSIDE,OUTSIDE) source static ORIGINAL_SRC TRANSLATED_SRC destination static AWS_NET AWS_NET
Create objects for the objects referenced in the NAT rule.
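The objects that NAT rule refers to could be defined as follows; this is an added example, not part of the original reply. The on-prem public range and the private NAT range are constructed sample values, the AWS range is the one quoted later in the thread, and the interface names follow the rule above.

```cisco
! --- Configuration mode ---
! Constructed sample values, not taken from the thread:
!   on-prem public server range   203.0.113.0/24 (documentation range)
!   unused private range for NAT  192.168.1.0/24
! Value quoted later in the thread:
!   AWS VPC range                 10.240.0.0/16
object network ORIGINAL_SRC
 subnet 203.0.113.0 255.255.255.0
object network TRANSLATED_SRC
 subnet 192.168.1.0 255.255.255.0
object network AWS_NET
 subnet 10.240.0.0 255.255.0.0
!
! Twice NAT: the source is rewritten only when the destination is AWS_NET.
! Both source objects are /24, so the static mapping is one-to-one per host
! (203.0.113.4 <-> 192.168.1.4) and works in both directions.
nat (INSIDE,OUTSIDE) source static ORIGINAL_SRC TRANSLATED_SRC destination static AWS_NET AWS_NET
!
! On a policy-based (crypto map) tunnel the ASA translates before it matches
! the VPN traffic ACL, so that ACL and the AWS side's remote network have to
! reference TRANSLATED_SRC rather than the public range.
!
! --- Privileged EXEC mode: verification ---
! Confirm the rule exists and that its hit counters increase under test traffic.
show nat detail
! Simulate a server-to-AWS flow and check that the NAT and VPN phases show
! the translated source address (ports here are constructed).
packet-tracer input INSIDE tcp 203.0.113.4 12345 10.240.0.5 8000 detailed
```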
10-25-2022 11:31 AM
Hi Rob, yes, this is an ASA. I thought we could do it this way but wasn't 100% sure. For the private IP, should I just pick a range that isn't in use currently and make this my "private nat" range? I'm sure they will need access to more servers on prem in the future.
10-25-2022 11:35 AM
@ajemery9 yes, pick an unused private IP address range and dedicate it for this AWS VPN NAT.
11-03-2022 11:26 AM
@Rob Ingram I have the following configured but it doesn't seem to be working. Am I missing something?
Hypothetical IPs
Server IP - 1.2.3.4
AWS NAT - 192.168.1.10
AWS Range - 10.240.0.0/16
nat (Inside,Outside) source static SERVER_IP AWS_NAT destination static AWS_RANGE AWS_RANGE
access-list filter_aws extended permit tcp object AWS_RANGE object SERVER_IP eq 8000
route Outside 192.168.1.0 255.255.255.0 OUTSIDE_INTERFACE_IP
10-25-2022 10:57 AM - edited 10-25-2022 10:57 AM
As per the information, technically possible, I guess.
"however aws does not support connecting to public IP's"
Somehow I am not convinced by this statement. Why is AWS not able to connect to a public IP?
10-25-2022 11:15 AM