Thursday, August 12, 2021

NAT IP of a current system to new "internal" IP.

Some background before my question:

I'm an MSP tech and am trying to enhance my networking skills. There's a client need that I don't quite know how to fulfill, and I think this subreddit may be able to help me. We're a small shop and we can generally get by with what we know about simple networking stuff, but I'm taking on the lion's share of the networking stuff that comes across our desk.

Here's my scenario: we're migrating our largest client's ERP (running on an AS400 system) that's being hosted by us in a data center, to cloud-hosted and managed by another company (we frankly don't want to touch that timebomb with a 10-foot pole). Users have a link to an app that is connected to the AS400 at 10.0.x.10. We worked with the vendor to set up a site-to-site VPN and verified connectivity between the client's network and the IP address at the vendor's data center, which is 10.7.x.30. The vendor's networking team basically simplified it to this: "Yeah, just nat the IP of the new box in there."

I understand the concept of NAT in terms of translating a handful of internal IPs' traffic to go through the public IP address, but when it comes to the real-world application of it I'm not sure what would be required. Their network is hub-and-spoke and the current box is hosted in the data center that also has the firewall that does all of the routing/etc. All sites are connected to the data center via SDWAN. The firewall in question is a Cisco ASA5505 with Firepower management.

If I understand correctly, there's a NAT rule (or a few?) that I need to put in place to basically tell it "when internal traffic tries to do anything with 10.0.x.10 (send to or receive from), it will now point to 10.7.x.30"? If that is the case, what does that rule look like? And if I am entirely off-base here, can anyone set me down the right path? I'm hoping this need will give me a fuller understanding of

Thanks in advance, and I apologize if I broke any subreddit rules - I did read them and I didn't perceive this question to do so.


