[c-nsp] ASA 5505 NAT and asymmetric routing

Matthew DeSantos mdesantos22 at yahoo.com
Mon Oct 8 13:36:57 EDT 2012


All,

Hopefully I can explain this correctly. I'm having an issue with communication (telnet/ssh) from a public server to remote private nodes. The issue is the return path: private IPs can't route via the INET. So, my initial thought was to plug the servers into the ASA and give them private IPs. However, these servers actively monitor our private IPs. If I change the IP of the server(s), this will require a lot of manual changes. The private nodes will need to be updated to allow the new private IP access.
I'm thinking I need to configure static PAT or some sort of NAT. This is where I'm stuck and don't fully understand how to implement it. The setup is below:

Public Server(s) -[ROUTER]---ASA====tunnel=====ASA--[ROUTER] Private IP (10.1.0.0/17)

Again, I need to allow these servers telnet and ssh access (we run scripts from these servers). I've been reading the ASA 5505 configuration guide, but I'm at a standstill now. The inside and outside interfaces plug into my upstream router. The servers are actively monitoring all the private nodes via the tunnel, but I can't telnet/ssh to these devices from the public servers (asymmetrical routing). If anyone has previous experience with this type of setup, I would greatly appreciate some direction/assistance.

