I have a requirement wherein when a particular machine accesses certain IPs it should be routed to the INSIDE, and when it accesses any other IPs it should be NATed and sent to the Internet. This machine is in a DMZ which has a network of 172.23.0.0/24. The network that connects to the INSIDE is 172.18.0.0/24. When this machine accesses 192.168.0.0/16 on the MSFC or another DMZ of 172.17.0.0/16 it should not be NATed, and when it accesses anything else it should be NATed to a public IP address and sent towards the Internet router.
I am concerned about the NATing and routing towards the Internet. Can that be done as follows:
nat (dmz1) 1 access-list INTERNET
global (OUTSIDE) 1 <public-ip>
access-list INTERNET extended deny ip host 172.23.0.110 172.17.0.0 255.255.0.0
access-list INTERNET extended deny ip host 172.23.0.110 192.168.0.0 255.255.0.0
access-list INTERNET extended permit ip host 172.23.0.110 any
When traffic comes to the FWSM from 172.23.0.110 and heads towards 172.17.0.0 or 192.168.0.0, I don't want it to be NATed and sent to the Internet, but all other traffic from 172.23.0.110 should be NATed to <public-ip> and sent to the Internet. For this, will the above access-list, nat and global work?
Thanks in advance
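As a way to sanity-check the intent of the access-list before committing it, the following is an added example (not part of the original post and not FWSM code): a small Python model that parses extended ACL lines of the form used above (host, address plus dotted subnet mask, and any) and applies first-match, implicit-deny evaluation to sample flows from 172.23.0.110. The ACL text embedded in it is a constructed copy of the posted lines with the syntax corrected (an extended ACE has exactly one source and one destination spec, so there is no trailing "any" after a destination network). It models only which ACE a flow hits; what the FWSM does with a flow that hits a deny ACE in a policy NAT access-list, or that matches no nat statement at all, is outside this model and should be confirmed against the FWSM documentation for the version in use.

```python
import ipaddress
from dataclasses import dataclass

# Constructed copy of the posted access-list, syntax corrected (assumption: this
# is the intended rule set; it is not taken from a running FWSM).
ACL_INTERNET = """
access-list INTERNET extended deny ip host 172.23.0.110 172.17.0.0 255.255.0.0
access-list INTERNET extended deny ip host 172.23.0.110 192.168.0.0 255.255.0.0
access-list INTERNET extended permit ip host 172.23.0.110 any
"""


@dataclass
class Ace:
    action: str                 # "permit" or "deny"
    proto: str                  # only "ip" is used here
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def _parse_addr(tokens, i):
    """Consume one address spec starting at tokens[i]; return (network, next_index).

    Accepts 'any', 'host A.B.C.D', or 'A.B.C.D M.M.M.M' (dotted subnet mask,
    as on PIX/ASA/FWSM, not a wildcard mask as on IOS).
    """
    tok = tokens[i]
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.IPv4Network(f"{tok}/{tokens[i + 1]}"), i + 2


def parse_acl(text):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST' lines into Ace objects."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] != "extended":
            raise ValueError(f"unsupported line: {line}")
        action, proto = t[3], t[4]
        src, i = _parse_addr(t, 5)
        dst, i = _parse_addr(t, i)
        if i != len(t):
            # e.g. a stray 'any' after a destination network, as in the original post
            raise ValueError(f"trailing tokens in: {line}")
        aces.append(Ace(action, proto, src, dst))
    return aces


def evaluate(aces, src, dst):
    """Return the action of the first ACE matching src->dst; no match is an implicit deny."""
    s = ipaddress.IPv4Address(src)
    d = ipaddress.IPv4Address(dst)
    for ace in aces:
        if s in ace.src and d in ace.dst:
            return ace.action
    return "deny"


def classify_flows(acl_text, flows):
    """Map each (src, dst) pair to the ACL result so the whole intent can be eyeballed."""
    aces = parse_acl(acl_text)
    return {(s, d): evaluate(aces, s, d) for s, d in flows}


if __name__ == "__main__":
    # Constructed sample destinations: MSFC side, other DMZ, INSIDE transit net, Internet.
    sample = [
        ("172.23.0.110", "192.168.10.5"),
        ("172.23.0.110", "172.17.4.20"),
        ("172.23.0.110", "172.18.0.1"),
        ("172.23.0.110", "198.51.100.7"),
        ("172.23.0.111", "198.51.100.7"),
    ]
    for flow, result in classify_flows(ACL_INTERNET, sample).items():
        print(f"{flow[0]} -> {flow[1]}: {result}")
```

Running it shows that only the .110 host hits the permit ACE, that 172.17.x.x and 192.168.x.x destinations hit the explicit denies, and that a destination in 172.18.0.0/24 (the INSIDE transit network from the post) is not excluded by the list as written and therefore hits the permit entry; whether that matters depends on whether the host is ever meant to reach that network directly.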