more than 1 1-1 nat?
itdaddy
Okay I need some serious guidance on this:
This is the scenario: We have an off-site IBM that is replicated to every night from the IBM Unix system we have at the HQ office, so they are both the same every night.
I am building a VPN tunnel using an ASA 5505 to their VPN device to have it be able to route\failover into our network and have our clients flip over to use that off-site IBM Unix system. Okay. And I will only have to edit the DNS server IP address to get it to work for them, since they have the name DRC-HOST in their client program.
but,
the IBM offsite has a file in it called a "host" file with all of our static IP addresses that map to their pcnames.
192.168.1.1 thermal printer name etc...
192.168.2.2 pcname1 etc..
192.168.4.4 pcname2 etc...
so what the engineers on their end say is we need 1-1 NAT, but you cannot 1-1 NAT with one IP address only that translates to say one subnet 192.168.1.0 only? Can you 1-1 NAT more than one subnet??? I would think you would have to do 3 1-1 NATs with 3 separate IP addresses to match with each subnet respectively, because what if you have the same number in the last octet? I have 3 subnets of PCs and thermal printers that this host IBM system needs to communicate with, and it has to be 1-1, and I think for each subnet a separate NAT statement, right? Or can you do a PAT or something?
it has to map 1-1 to meet the requirements for that host file.
like: 192.168.1.4 and 192.168.2.5 and 192.168.4.5 ???
this is after the tunnel is set up, I believe, that they want the 1-1 NATing.
Do you know what I mean? I just wonder if I can do 3 1-1 NATs and is that possible? I am going to get some help with this, but want some education before I go get help from this CCIE Security I know... I want to design a lot of it and have him fine-tune it for me...