
Are there any known issues running AD through an ASA with NAT?

d-fillmore
Level 2

Hi - I want to have Server A on a protected DMZ talking to an AD server connected to another interface on the ASA.

Server A will have its address NATed.

Are there any known issues with this or is it easy to implement?

From what I can see, AD uses DNS so I would need to use the DNS inspection feature to make sure that still worked.

Can anyone tell me if there are any other problems with what I want to try and do?

Many Thanks, Dom

1 Reply

murabi
Level 4

All sessions that connect through the security appliance must undergo some form of network address translation, or NAT. Each NAT or NAT Overload (PAT) session is assigned a translation slot known as an xlate. These xlates can persist even after you make changes to the NAT rules that affect them. This can lead to a depletion of translation slots or unexpected behavior or both by traffic that undergoes translation.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml#nat