Office network (INSIDE) need to access lab network (OUTSIDE)
---- and ----
lab network (OUTSIDE) need to access office network (INSIDE)
NOTE: lab network resides inside the office network but are considered "high risk", therefore they're placed on OUTSIDE interface (least secure)
permit ALL outside hosts (behind firewall) to have a nat'd address to inside
inside ip space avail: 172.16.186.0 /23
outside ip space avail: 10.25.186.0 /23
inside interface ip: 172.16.186.2 /23
(172.16.186.1 assigned to L3 switch routed interface)
outside interface ip: 10.25.186.1 /23
Q1: Is this correct NAT statement?
global (outside) 2 interface
global (inside) 1 interface
nat (outside) 1 10.25.186.0 255.25.254.0 outside
nat (inside) 2 0.0.0.0 0.0.0.0
Q2: Is this correct static statment to create one-to-one nat for each host?
static (inside,outside) 10.25.186.0 172.16.186.0 255.255.254.0
Q3: do i need to list EVERY outside host in an object-group if i want to assign an ACL to the entire ip range?
-- or --
can i just do something like this:
object-group network outside_users
network-object 10.25.186.0 255.255.254.0
Q4: Is there a simpler way to do this?