NATing to a same IP of another host in the same network

Robert Dantes
Level 1

Hi Experts,

We are in the process of migrating from a SolarWinds monitoring system on a Windows OS to a Linux-based one. This system is monitoring a number of devices on a remote site over a VPN where we don't have control of the far-end VPN peer.

It was easy to just take the IP address of the old Windows box and use it on the new Linux box. However, we still need RDP access to the remote devices it was monitoring. The tunnel is configured with the monitoring server as a host-only source to the remote subnet. My question is: how can I make this work through NAT, since we don't control the VPN peer on the far end to add another IP to the encryption domain?

ASA 5545 version 9.4(2)6

The encryption ACL looks like this:

access-list monitoring extended permit IP host 10.1.1.10 192.168.1.0 255.255.255.0

So basically the old monitoring server is 10.1.1.10; we gave that IP to the Linux server and gave the old monitoring server the IP 10.1.1.20.

I applied a dynamic NAT:

nat (inside,outside) 123 source dynamic obj-10.1.1.20 obj-10.1.1.10 destination static Remote-Subnet

With that NAT, I am able to reach the remote subnet from 10.1.1.10 and 10.1.1.20. However, my SNMP traps from the remote network are not arriving on the actual 10.1.1.10 Linux server. The traffic sourced from the remote network is not getting to the actual 10.1.1.10 device.

Accepted Solutions

Hi Robert,

You are trying manual NAT for this 10.1.1.20 IP, which is the most preferable. Try the following statements:

nat (inside,outside) 10 source dynamic obj-10.1.1.10 obj-10.1.1.10 destination static Remote-Subnet Remote-Subnet

nat after-auto 123 source dynamic obj-10.1.1.20 obj-10.1.1.10 destination static Remote-Subnet Remote-Subnet 

Please rate if this is helpful.

Thank you Sing!

It worked, though I had to use static source on the line translating 10.1.1.10 for me to be able to receive the traps sent from the remote network. And for some reason ping is not working for 10.1.1.20, but I'm able to RDP to the remote devices from 10.1.1.20. Ping only works if sourced from 10.1.1.10.

Command used as ASDM entered.

nat (inside,outside) 123 source static obj-10.1.1.10 obj-10.1.1.10 destination static Remote-Subnet Remote-Subnet

nat (inside,outside) after-auto 10 source dynamic obj-10.1.1.20 obj-10.1.1.10 destination static Remote-Subnet Remote-Subnet
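
A simplified Python model of how the three rule sets posted in this thread treat each traffic direction, added here as an illustration and not part of any post above. It assumes that static manual NAT is bidirectional while a dynamic PAT address accepts no new inbound connection without an existing xlate; the `Rule`, `outbound` and `inbound` names are hypothetical.

```python
# Simplified model of ASA manual (twice) NAT for the rules in this thread.
# Assumptions (this is not ASA code): only source translation toward
# Remote-Subnet is modelled, rules are listed in evaluation order
# (section 1 first, after-auto last), and no xlate exists yet when an
# inbound packet arrives from the remote site.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    kind: str    # "static" or "dynamic"
    real: str    # real inside address
    mapped: str  # address the remote peer sees inside the tunnel

def outbound(rules, src):
    """Source address the remote site sees for a connection started by src."""
    for r in rules:                       # first matching rule wins
        if r.real == src:
            return r.mapped
    return src                            # no rule matched: untranslated

def inbound(rules, dst):
    """Inside host receiving a NEW connection from the remote site to dst."""
    for r in rules:
        if r.kind == "static" and r.mapped == dst:
            return r.real                 # static rules also un-translate
    if any(r.mapped == dst for r in rules):
        return None                       # PAT address without xlate: dropped
    return dst                            # not a NAT address: routed as-is

OLD, NEW = "10.1.1.20", "10.1.1.10"       # old Windows box, new Linux server

# Rule set from the question: one dynamic rule hiding OLD behind NEW.
ORIGINAL = [Rule("dynamic", OLD, NEW)]
# Rule set from the accepted answer: dynamic identity rule for NEW first.
SUGGESTED = [Rule("dynamic", NEW, NEW), Rule("dynamic", OLD, NEW)]
# Rule set from the final reply: static identity rule for NEW first.
FINAL = [Rule("static", NEW, NEW), Rule("dynamic", OLD, NEW)]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED),
                        ("final", FINAL)):
        print(name,
              "| old box leaves as", outbound(rules, OLD),
              "| trap to", NEW, "delivered to", inbound(rules, NEW))
```

Only the rule set with the static identity line delivers remote-initiated traffic such as SNMP traps to the real 10.1.1.10, while all three let both hosts reach the remote subnet using the single address in the encryption domain.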