I am looking for help in setting up address translation on an ASA (version 7.2) with the following scenario:
-- four network interfaces: inside, DMZ1, DMZ2, outside
-- inside and DMZ1 have a limited number of subnets, DMZ2 has many subnets (routing via OSPF), outside is Internet (routing via static default route)
-- source addresses should be translated to a global address (PAT) for communications from inside or DMZ1 to outside (DMZ2 does not need to communicate with outside)
-- real addresses without translation (source or destination) should be used for communications between inside, DMZ1 and DMZ2
The problem I could not overcome is the "nat (inside)" configuration: the subnets in DMZ2 (and DMZ1) need to be exempted, but there are too many to make an ACL viable. Besides, this would thwart the advantage of using a routing protocol instead of static routing.
Can anybody suggest a NAT configuration that achieves the desired results?
Thanks and regards
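Added example for the scenario described in the question above (this is an editor's illustration, not the poster's configuration). It shows the pre-8.3 pattern of NAT exemption ("nat 0 access-list") for internal-to-internal traffic plus dynamic PAT for Internet-bound traffic, keeping the exemption ACL short by matching a summary block instead of every DMZ2 subnet. The address plan (inside 10.1.0.0/16, DMZ1 10.2.0.0/16, DMZ2 subnets all within 10.3.0.0/16) and the lowercase nameif values are assumed:

```text
! Assumed, constructed address plan for this example:
!   inside = 10.1.0.0/16, dmz1 = 10.2.0.0/16, dmz2 = many /24s inside 10.3.0.0/16
! The summary approach only works if the DMZ2 subnets fit in one summarizable block.

! ASA 7.2 default: NAT control disabled, so traffic matching no nat statement passes untranslated.
no nat-control

! One object-group holds the internal summaries; new DMZ2 subnets learned via OSPF
! need no ACL change as long as they fall inside 10.3.0.0/16.
object-group network INTERNAL_NETS
 network-object 10.1.0.0 255.255.0.0
 network-object 10.2.0.0 255.255.0.0
 network-object 10.3.0.0 255.255.0.0

access-list INSIDE_NONAT extended permit ip 10.1.0.0 255.255.0.0 object-group INTERNAL_NETS
access-list DMZ1_NONAT extended permit ip 10.2.0.0 255.255.0.0 object-group INTERNAL_NETS

! NAT exemption is checked before dynamic NAT and is bidirectional, so DMZ2 hosts
! can also initiate connections to inside/DMZ1 using real addresses.
nat (inside) 0 access-list INSIDE_NONAT
nat (dmz1) 0 access-list DMZ1_NONAT

! Anything else leaving inside/DMZ1 (in practice, Internet-bound traffic) is PAT'ed
! to the outside interface address.
nat (inside) 1 10.1.0.0 255.255.0.0
nat (dmz1) 1 10.2.0.0 255.255.0.0
global (outside) 1 interface

! DMZ2 gets no nat statement: with NAT control disabled its traffic to inside/DMZ1
! is passed untranslated, which is the real-address behaviour the question asks for.
```

Two practical notes. First, NAT decisions here do not depend on the routing table, so OSPF can keep supplying per-subnet routes for DMZ2 while the exemption ACL only carries the summary; the approach breaks down only if DMZ2's subnets are scattered across address space that cannot be summarized, in which case the exemption list grows with them. Second, the absence of a nat statement on DMZ2 is not what stops DMZ2 from reaching the Internet; if that must be prevented, enforce it with an interface ACL (access-group) on dmz2, since NAT is not a security control.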