[c-nsp] NAT on Cisco ASA
Ryan West
rwest at zyedge.com
Fri Apr 13 10:24:50 EDT 2012
On Fri, Apr 13, 2012 at 10:13:28, Brian Morgan wrote:
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] NAT on Cisco ASA
>
> On Thu, Apr 12, 2012 at 12:49 PM, Covalciuc Piotr
> <pkovalchuc at gmail.com>
> wrote:
> > I know, the servers can communicate through local network (10.10.10.x).
> > I'd like just to know if the communication between local servers can
> > be established through NATed IP.
> > If so, how it should be configured on ASA?
>
>
> Good day Peter,
> It is possible for this to work by using a technique called hair
> pinning, the problem is that you may start getting strange behavior
> with your inside network.
> This feature was originally intended to allow vpn clients to
> communicate to each other, but can be abused to perform the NATing that you need.
> Cisco has released a nice video tutorial on how to do this
> http://www.youtube.com/watch?v=wjEfdfI0BqY and we have used this
> technique in labs, but try not to use it for production networks.
>
Ah.. I've done this for outside to outside traffic during a move before, didn't think about applying to the internal segments though, but same setup.
-ryan
More information about the cisco-nsp
mailing list