11-15-2016 10:36 AM - edited 03-12-2019 01:32 AM
Is it possible to nat as required by the below parameter's?
We wish to nat 192.168.200.0/24 (our private MPLS will not route any 192.168.x.x subnets by design) to another private range that our MPLS will route; 10.52.1.0/24.
We also wish to do the above nat only when the destination is on our private MPLS. Otherwise if the 192.168.200.0/24 is accessing the internet we wish to nat it to the outside public address.
11-15-2016 11:38 AM
Hi John
Yes this is possible and used in scenarios like yours. You may use a Twice-NAT rule to NAT your network to another range in case the destination matches your MPLS ip range.
Sample configuration that will NAT LAN_INSIDE to LAN_INSIDE_NAT if traffic is traffic is sent from LAN_INSIDE to LAN_MPLS.
nat (inside,mpls) source static LAN_INSIDE LAN_INSIDE_NAT destination static LAN_MPLS LAN_MPLS net-to-net
Mark as helpful if this answers your question.
11-16-2016 05:19 AM
kaisero
Thank you very much for the response.
I am unclear about the config parameters inside the parenthesis (inside,mpls)
My understanding of what config items need to be in the parenthesis is this: " inside and mpls must be an interface on the FW".
So we would need to create an interface called MPLS which would be the network(vlan) of the MPLS router that we will install and the routable subnet; is that correct?
A second question:
In my example networks used above; the 192.168 is the inside network and the 10.52 is to be the IP address range of the MPLS router LAN side IP address we will install and the natted range that is allowed to route over our MPLS.. So in your example above how would I code the object networks?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: