Can we create a static Public to Private NAT Translation from a public address on [ASA 5540 B] to a host on [Layer 3 Core Switch with hosts A]?
Let's say the outside IP is 18.104.22.168, the inside interface is 172.20.20.1/24 and the MPLS host is 192.168.20.20.
The desired translation is:
static (inside,outside) 22.214.171.124 192.168.20.20 netmask 255.255.255.255 dns
We can ping the host in question from the inside interface of [ASA 5540 B].
Currently, I'd imagine this not working because ultimately one of the routers would see a request from 192.168.20.20 and continue routing it back to segment A, and it would never get back to segment B. There's a couple of ways around this, and all involve using a private IP on host B for the translation, but I don't want to create a bunch of NAT statements across our MPLS network.
Again, I don't think this can work, but I'm hoping again hope that there's a way.
The answer to your question is yes, you can NAT host A on ASA 5540 B.
However, how are you routing the traffic from host A. What is the default gateway for host A? If default gateway for host A is the MPLS Router A, and it routes towards MPLS Router B and so on towards Internet B, then yes, it would all work.
However, if default gateway of host A is ASA 5510A, then you might need to change the default gateway to MPLS Router A, and if MPLS Router A default route is somewhere else but MPLS Router B, then you might want to do some PBR for hostA so it is being routed towards ASA5540B.
When we said the word “hybrid” in the past, it usually recalled the image of a new variety of plant or maybe an electric car. These days, it applies to the workplace too.
The future of work isn’t “changing” to a h...
Thanks for attending our Ask the Experts (ATXs) session! Here’s the post-session resources for easy reference.
New to ATXs? An ATXs session, offered at no cost, is an hour of real-time learning led by Cisco experts, who will answer your technology q...
Cisco Secure Endpoint
New packages fit for every organization
Every Cisco Secure Endpoint (formerly AMP for Endpoints) package comes with Cisco SecureX built-in. It’s our cloud-native platform that integrates all your security solutions into one view wit...
Our Cisco experts and guests chat about how the integration of Cisco Secure Firewall + Secure Workload is securely accelerating application delivery by allowing NetOps to start running at DevOps speed, and what that means for business success.