[c-nsp] NAT and hairpin's

Ted Mittelstaedt tedm at toybox.placo.com
Fri Jul 18 11:56:09 EDT 2008


So what happened to the CPU of the ASA when the PC and server
started sending 100Mbit of data to each other?  Or was one of
them running 10BaseT, half-duplex?

Ted

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Fawcett Simon
> Sent: Thursday, July 17, 2008 3:40 AM
> To: Geyer, Nick; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] NAT and hairpin's
> 
> 
> I have done this on an ASA running 7.2 code. It definitely works.
> 
> What happened was the inside server was, say, 10.0.0.1 with an outside
> address 1.1.1.1; all client traffic by default was natted to a hide
> address 2.2.2.2.
> 
> My PC therefore was 10.0.0.2 heading for 1.1.1.1.  I was natted by the
> hide address so my source was 2.2.2.2.
> 
> The only odd thing about it was that you then needed to permit on the
> outside interface inbound traffic from 2.2.2.2 going to 1.1.1.1 and
> everything worked.
> 
> I hope this makes sense and helps someone.
> 
> God bless the ASA
> 
> Simon 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Geyer, Nick
> Sent: 17 July 2008 06:16
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] NAT and hairpin's
> 
> Hi Everyone,
> 
> Just wondering if anyone has come up with a way to hairpin traffic using
> a Cisco router? The problem is as follows:
> 
> Say for example I have a router connecting to the Internet and an
> internal LAN doing normal NAT, e.g.:
> 
> 203.1.2.3 -> ROUTER <- 192.168.1.0/24 (203.1.2.3 being the public IP on
> the "outside" interface)
> 
> I have an application that talks from clients on the Internet to an
> internal server (192.168.1.1), with the appropriate static NATs set up
> on the router to forward the traffic. The problem is the internal
> clients also need to talk to the server but on the public IP address
> (203.1.2.3). The traffic from the internal clients will hit the router
> but it won't translate and forward the traffic because it's coming from
> the "inside" interface (and the static NAT only works for requests from
> the outside interface).
> 
> I don't believe it can be done but just thought I would ask in case
> anyone has come up with a weird and wonderful way.
> 
> Cheers,
> 
> Nick Geyer.
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
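
An added example, not part of the original thread and not Cisco's implementation: a small Python model of the flow Simon describes (hide address, static NAT, outside inbound ACL), extended to show why the reply breaks when the client's source is left untranslated. The function name `hairpin`, the ACL representation as a set of (source, destination) pairs, and the /24 inside subnet are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values, using the addresses from Simon's message.
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")   # assumed inside subnet
STATIC_NAT = {"1.1.1.1": "10.0.0.1"}               # public -> real server
HIDE_ADDR = "2.2.2.2"                              # hide address for clients

def hairpin(client, dst, outside_acl, hide_source=True):
    """Model one request/reply; return (verdict, reply source the client sees)."""
    # Step 1: source translation of the inside client (or none, for contrast).
    src = HIDE_ADDR if hide_source else client
    # Step 2: as reported in the thread, the outside inbound ACL has to permit
    # translated source -> public destination. Applying the same check to the
    # untranslated case is a simplification of this model.
    if (src, dst) not in outside_acl:
        return ("dropped-by-acl", None)
    # Step 3: static NAT rewrites the public destination to the real server.
    real_dst = STATIC_NAT.get(dst)
    if real_dst is None:
        return ("no-static-nat", None)
    # Step 4: the server answers whatever source address it saw.
    if ipaddress.ip_address(src) in INSIDE_NET:
        # Source is on the server's own subnet: the reply is delivered
        # directly and never passes the firewall, so it is not rewritten.
        reply_src = real_dst
    else:
        # Source is the hide address: the reply returns through the
        # firewall, which reverses both translations.
        reply_src = dst
    # The client opened the connection to dst and only accepts replies from it.
    verdict = "ok" if reply_src == dst else "reply-mismatch"
    return (verdict, reply_src)

if __name__ == "__main__":
    acl = {("2.2.2.2", "1.1.1.1")}
    print(hairpin("10.0.0.2", "1.1.1.1", acl))
    print(hairpin("10.0.0.2", "1.1.1.1", set()))
    print(hairpin("10.0.0.2", "1.1.1.1", {("10.0.0.2", "1.1.1.1")}, hide_source=False))
```
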

