Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
639
Views
0
Helpful
1
Replies

twice NAT at cisco router

Andriy Sidko
Level 1
Level 1

‎10-02-2018 11:04 AM - edited ‎03-10-2019 01:05 AM

Hi guys.

 

I need to implement following scenario:

When inside computer 192.168.172.20/28 opens connection to 192.168.172.1/28 port 777/tcp (192.168.172.1 - is cisco router) connection will rewrite source  to 192.168.172.1/28:1025-65535/tcp and destination to 10.5.8.7:3389/tcp

returning packets from 10.5.8.7:3389/tcp needs to rewrite source 192.168.172.1:777/tcp and destination 192.168.172.20/28

Another words for security requirements RDP to 10.5.8.7:3389/tcp can be accessible from 192.168.172.1/28 only.

Subnet 192.168.172.16/28 isn't advertised and locked (some kind of DMZ :) to 10.5.8.0/24

Could somebody suggest?

 

Thank you.

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎10-02-2018 11:58 AM

If i were you, i try to avoid double nat, until there is no option in the network to deploy.

if possible make different segment of network for incoming RDP connections.

 

To give best advice from community post your network topo, and devices involved, which shows the flow, how the incoming connections coming in.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents