758 Views, 0 Helpful, 6 Replies

NAT Public IP to Private IP for AWS

ajemery9
Level 1

Hi,

We currently use a public /24 IP range for a server network. We just had a request to access a server in this network over an AWS VPC; however, AWS does not support connecting to public IPs. Is there a way I can NAT this to a private IP to allow our AWS VPC to connect to it over the VPN tunnel between us?

6 Replies

@ajemery9 yes you can do that. You don't say what device you are using, so I assume ASA. Here is an example, translate the original source network to the translated src network when sending traffic to the AWS networks.

nat (INSIDE,OUTSIDE) source static ORIGINAL_SRC TRANSLATED_SRC destination static AWS_NET AWS_NET

Create objects for the objects referenced in the NAT rule.
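Putting the rule above together with the hypothetical addresses used later in this thread, as an added example that is not from the original reply: object and interface names come from the rule, while AWS_VPN_TRAFFIC, OUTSIDE_IN, OUTSIDE_MAP sequence 10 and the 10.240.0.10 test host are assumed names and values.

```cisco
! Objects referenced by the NAT rule (names from the reply above, addresses from the thread's example)
object network ORIGINAL_SRC
 host 1.2.3.4
object network TRANSLATED_SRC
 host 192.168.1.10
object network AWS_NET
 subnet 10.240.0.0 255.255.0.0
!
! Manual (twice) NAT: rewrite the real source only when the destination is the AWS VPC
nat (INSIDE,OUTSIDE) source static ORIGINAL_SRC TRANSLATED_SRC destination static AWS_NET AWS_NET
!
! The crypto ACL (interesting traffic) is evaluated AFTER NAT, so it must name the translated
! address. The AWS side must list 192.168.1.10/32 (or the 192.168.1.0/24 block) as the on-prem
! network, never 1.2.3.4. AWS_VPN_TRAFFIC and OUTSIDE_MAP 10 are assumed names.
access-list AWS_VPN_TRAFFIC extended permit ip object TRANSLATED_SRC object AWS_NET
crypto map OUTSIDE_MAP 10 match address AWS_VPN_TRAFFIC
!
! Interface ACLs use REAL (untranslated) addresses on ASA 8.3 and later.
! By default, decrypted IPsec traffic bypasses interface ACLs; disable that so the filter below
! actually limits the VPC to TCP/8000 on the one server (note: this affects every VPN on the box).
no sysopt connection permit-vpn
access-list OUTSIDE_IN extended permit tcp object AWS_NET object ORIGINAL_SRC eq 8000
access-group OUTSIDE_IN in interface OUTSIDE
!
! Verification: confirm the NAT rule is matched and the flow is handed to the VPN phase
show nat detail
packet-tracer input INSIDE tcp 1.2.3.4 8000 10.240.0.10 50000 detailed
show crypto ipsec sa
```

In the packet-tracer output the NAT phase should show the source becoming 192.168.1.10 before the VPN phase; if the translation is absent, a broader NAT rule earlier in section 1 is matching first.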

Hi Rob, yes this is an ASA. I thought we could do it this way but wasn't 100% sure. For the private IP, should I just pick a range that isn't in use currently and make this my "private NAT" range? I'm sure they will need access to more servers on prem in the future.

@ajemery9 yes pick an unused private IP address range and dedicate it for this AWS VPN NAT.

@Rob Ingram I have the following configured but it doesn't seem to be working; am I missing something?

Hypothetical IPs

Server IP - 1.2.3.4 

AWS NAT - 192.168.1.10 

AWS Range - 10.240.0.0/16

nat (Inside,Outside) source static SERVER_IP AWS_NAT destination static AWS_RANGE AWS_RANGE

access-list filter_aws extended permit tcp object AWS_RANGE object SERVER_IP eq 8000

route Outside 192.168.1.0  255.255.255.0  OUTSIDE_INTERFACE_IP

balaji.bandi
Hall of Fame

As per the information, it is technically possible, I guess.

however AWS does not support connecting to public IPs

Somehow I am not convinced by this statement; why is AWS not able to connect to a public IP?

https://docs.aws.amazon.com/whitepapers/latest/cross-domain-solutions/connecting-on-premises-infrastructure.html

BB

This is the error they are getting when trying to add the public IP on the AWS side.