NAT incoming SSL traffic to inside interface address

Unanswered Question
Aug 18th, 2009

Hi All,


I'm trying to NAT the source address of incoming ssl traffic to the physical inside interface. So on the inside network all ssl traffic should be sourced from the inside interface.


Does anyone know if this is possible? I was trying something like this...


interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 172.16.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.1.2 255.255.255.0
!
global (inside) 1 interface
nat (outside) 1 10.0.2.0 255.255.255.0
!
ip local pool SSL-IP-POOL 10.0.2.1-10.0.2.254 mask 255.255.255.0
!
tunnel-group TEST general-attributes
 address-pool SSL-IP-POOL
!


Regards

Hielke

HHagendoorn Tue, 08/18/2009 - 22:32

Hi Andrew,


Thx for your reply. Excuse me for not being clear about this.


I'm trying to NAT the decrypted client traffic (so the traffic sourced from the pool addresses), not the SSL traffic (sourced from the real client address).


It seems to me your answer refers to the second situation, where I meant to ask for the first one.


Any suggestions?


Regards

Hielke



