two way NAT on cisco ASA


mig25r (Technical User, SG), Nov 15, 2010
Hello,

In a network setup, we need to use the same public IP for both outbound and inbound traffic for services with a private 172.16.1.2 address on an ASA.

172.16.1.2 ----> Internet : should use public x.x.x.x
Internet ------> 172.16.1.2 : should use same x.x.x.x public

That is, both ways the public IP used should be the same with this private IP.

It will be helpful if someone can guide on how it can be achieved.

Thank You.
 
Welcome to tek-tips.

The setup you desire is relatively easy, but it will take a few co-ordinated steps.

First, you will want to ensure that your PUBLIC dns points to the PUBLIC IP associated with your router. In this instance I say router, but I mean whatever device you are using for your private / public gateway. This will cause legitimate traffic to go to that IP address.

Second, you will need to put up inbound firewalls on all other inbound PUBLIC IP addresses. There is no way in naming to prevent someone from trying to scan or access them if they are there and active.

Third, in your LAN DNS configure the LAN gateway as the PRIVATE IP of your gateway. This will effectively bridge your public and private IP address, causing that IP set to be used for all traffic.

Fourth, you will need to port forward from your gateway any services that you want to operate on your LAN, such as email, web, etc. The port forwarding will point to the private IP of the device that is hosting the service.

Fifth, you will want to put up outbound firewalls on any active, public facing IP addresses, to prevent someone from attempting to use it as the gateway.

This type of setup is also common in residential applications where there is only one access pipe and a basic router is used to perform NAT between the two domains.
 
Thanks for helping with that. But what I am actually looking for is the specific configuration required on the ASA, when the same public IP will be used only by a specific local IP for outbound and the same public IP will be used for the web service hosted on the same private IP for incoming traffic from the Internet to this private IP server.
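
For the requirement described in this thread, a one-to-one static NAT is the usual ASA mechanism, because a static translation applies in both directions. The following is an added example, not a configuration posted by any participant. It assumes ASA software 8.3 or later (object NAT syntax), interfaces named inside and outside, hypothetical object and ACL names, and HTTP/HTTPS as the hosted web service; x.x.x.x is the thread's own placeholder for the public IP.

```cisco
! Added example. Assumptions: ASA 8.3+ object NAT, interfaces "inside"/"outside".
! SRV-172-16-1-2 and OUTSIDE-IN are hypothetical names; x.x.x.x is the
! placeholder used in the thread for the public address.

! One-to-one static NAT: outbound connections from 172.16.1.2 leave with
! source x.x.x.x, and inbound connections to x.x.x.x are untranslated
! to 172.16.1.2. No other inside host shares this mapping.
object network SRV-172-16-1-2
 host 172.16.1.2
 nat (inside,outside) static x.x.x.x

! The NAT rule alone does not admit inbound traffic. Permit only the
! published service ports. On 8.3+ the ACL references the real (private)
! address, here through the object.
access-list OUTSIDE-IN extended permit tcp any object SRV-172-16-1-2 eq www
access-list OUTSIDE-IN extended permit tcp any object SRV-172-16-1-2 eq https

! Bind the ACL to the outside interface. If an ACL is already applied
! inbound on outside, add the two entries to that ACL instead, because
! this command would replace the existing binding.
access-group OUTSIDE-IN in interface outside

! Verification from the ASA CLI:
!   show nat detail     (translation rule and hit counters)
!   show xlate          (active translation for 172.16.1.2)
```

Keeping the inbound ACL limited to the service ports means the static mapping does not expose every port on 172.16.1.2 to the Internet.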
 