Really need some network advice here. Due to the complexity of my network structure, I have decided to insert a network diagram to depict my problem, so PLEASE check the diagram out before you read further.
I'm having difficulties in allowing ROUTER BETA to be authenticated via my TACACS server via the private NAT address. I have entered the following command on my FIREWALL ALPHA router to NAT ROUTER BETA:
Static (outside,inside) 172.22.120.22 220.127.116.11 netmask 255.255.255.255
From my TACACS server end, I'm able to ping 172.22.120.22 and 18.104.22.168 once the configuration above is applied on FIREWALL ALPHA. However, I'm unable to telnet to 22.214.171.124 from my TACACS server. I'm able to telnet to ROUTER BETA using the 172.22.120.22 IP address; however, the router is not able to authenticate with my TACACS server.
PLEASE NOTE THAT THE ACLS on my INTERNAL FIREWALL, FIREWALL ALPHA and ROUTER ALPHA are all set to permit ip any any (in other words nothing is blocked).
When I remove the static command above, everything returns to normal; I'm able to telnet the 126.96.36.199 IP address from my TACACS server and the router is able to authenticate with my TACACS server.
In my diagram I've also put another network called BETA Network. BETA Network works very similar to Alpha Network, however when I apply the following NAT config on the FIREWALL BETA device to NAT my ROUTER BETA:
Static (outside,inside) 192.168.68.22 188.8.131.52 netmask 255.255.255.255
It works perfectly fine. I'm able to ping both the private and public addresses and telnet both the IP addresses and using both IP addresses, my ROUTER BETA device is able to authenticate with my TACACS server without any issue.
Again like in ALPHA network, the ACLs for FIREWALL BETA and ROUTER BETA are all set to permit ip any any (nothing is blocked).
I'm just perplexed as to why this problem is only occurring on ROUTER ALPHA and the ALPHA network.
Appreciate any help on this.
Edit: apologies, added the wrong diagram