I have a need to build a NAT policy to handle bidirectional communications between a host behind my DMZ and an internal host. Once an hour, the host behind my DMZ (22.214.171.124) initiates a connection to an inside device. Likewise, whenever there is activity on my inside device (inside local: 172.31.45.20 / DMZ global: 192.168.10.160), this provokes a communication to the native IP of the host behind the DMZ (126.96.36.199). All is working fine now, but I have a need to source-translate the source
There is an .INI file on the inside device containing the native IP of the host behind my DMZ, and I need to change this value to 172.31.48.51. However, I can't accomplish this in one day, so I'm trying to figure out a way to facilitate both native and NAT on the source DMZ host. (Note: I have static routes for the native IP back to my DMZ. The NAT IP of 172.31.48.51 is in my routing table.)
I've come up with this configuration and, from the looks of it, testing with a sniffer and packet-tracer, this seems to be working. However, I'm being told that data is not arriving at DMZ host 188.8.131.52. Please check the below and tell me if this makes sense.
(Addresses have been changed to protect the innocent)
To handle source translation at PIX-DMZ going to the inside interface when the session is initiated from the lower-security interface:
global (inside) 101 172.31.48.64 netmask 255.255.255.255
nat (DMZ) 101 access-list NAT_DMZ_TO_INSIDE outside
access-list NAT_DMZ_TO_INSIDE extended permit ip 184.108.40.206 255.255.255.0 any
To handle source translation at PIX-inside going to the DMZ interface when the session is initiated from the higher-security interface:
static (inside,DMZ) 172.31.48.51 220.127.116.11 netmask 255.255.255.255
static (inside,DMZ) 172.31.45.0 172.31.45.0 netmask 255.255.255.0
static (inside,DMZ) 192.168.10.160 172.31.45.20 netmask 255.255.255.255
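An added verification sequence (not part of the original post) for checking each NAT direction the configuration above is meant to provide, using the same addresses as the post. The TCP ports are assumed placeholders; substitute the ports the application actually uses.

```cisco
! Direction 1: hourly session initiated by the DMZ host toward the inside device.
! Expected per the post: source 220.127.116.11 is translated by the "global (inside) 101"
! pool, so the inside device should see the session arriving from 172.31.48.64.
packet-tracer input DMZ tcp 220.127.116.11 40000 172.31.45.20 8080 detailed

! Direction 2: inside device connecting to the DMZ host via its NEW NAT address.
! Expected per the post: destination 172.31.48.51 must be untranslated to 220.127.116.11
! and the source 172.31.45.20 should appear in the DMZ as 192.168.10.160.
packet-tracer input inside tcp 172.31.45.20 40001 172.31.48.51 8080 detailed

! Direction 3: inside device still using the DMZ host's NATIVE address (until the .INI is changed).
! Expected per the post: destination unchanged, source still mapped to 192.168.10.160.
packet-tracer input inside tcp 172.31.45.20 40002 220.127.116.11 8080 detailed

! Confirm which NAT rules and translation entries the box actually built.
show nat
show xlate detail
show route 172.31.48.51
```

If any packet-tracer run ends in a DROP, the phase listed just before the drop (NAT, ROUTE-LOOKUP, ACCESS-LIST) tells you which of the three statements above is not matching the traffic the way the post expects.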