philb19
asked on
NAT of one IP to another (Static)
Hi - If I have a static NAT say 9.9.9.9 (Outside) to 7.7.7.7 (DMZ) AND the server in the DMZ 7.7.7.7 has a gateway set of 7.7.7.9 - an interface on a ASA firewall.
Now this if for a hypothetical DR situation - we lose the ASA - the 9.9.9.9 is a service provider offering DR - 9.9.9.9 belongs to them.
question is does the server in the dmz 7.7.7.9 "need" to communicate with its gateway (which no longer exists) when it needs to to go of its network - example talk to our "inside" LAN non different subnet? _ or does static NAT work in the manner that the gateway doesn't matter. Its a static NAT- so "All" comms" will nat to 9.9.9.9 and the service provider will have access lists that allow the traffic to come back inside to our LAN
Sorry could be confusing question - really i need to know if the NAT'd IP still uses the static gateway set on its interface to do any comms to leave its LAN??
thanks
Now this if for a hypothetical DR situation - we lose the ASA - the 9.9.9.9 is a service provider offering DR - 9.9.9.9 belongs to them.
question is does the server in the dmz 7.7.7.9 "need" to communicate with its gateway (which no longer exists) when it needs to to go of its network - example talk to our "inside" LAN non different subnet? _ or does static NAT work in the manner that the gateway doesn't matter. Its a static NAT- so "All" comms" will nat to 9.9.9.9 and the service provider will have access lists that allow the traffic to come back inside to our LAN
Sorry could be confusing question - really i need to know if the NAT'd IP still uses the static gateway set on its interface to do any comms to leave its LAN??
thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks guys this came down to a miscommunication the ISP is providing an Interface which WILL have the IP of the Gateway set on the DMZ hosts (his network diagram did not have this specified -he just said he was going to static NAT their IP to mine- this threw me :) )- so as i thought of course the dmz host will have to go IN OUT through its gateway - thankyou
If you happen to have any questions or comments or in case you need any extra help in the future please do not hesitate to hit me a message!
ASKER
awesome thanks will do :)
......