It is my first post here, so sorry if I mess something up.
I have a rather simple thing to do, but I've lost hours trying to implement it on FWSM.
I need to configure NAT on the destination IP address only, for requests coming from outside.
The packet which will hit the firewall looks like:
It will hit the outside interface with security level 20.
I want the firewall to translate the DST IP of that packet, so the packet on the inside interface will look like:
Then the server 10.100.14.10 has a route to 10.111/23 and will reply to the firewall, and I expect that the firewall will use its xlate table to NAT that packet back so it will look like it originated from 192.168.252.10. Unfortunately, there is no answer from the server (Bs flags).
Here is the config:
static (inside,outside) 192.168.252.10 10.100.14.10
I got hitcounts on the access-list from the outside, and I got an xlate entry and a connection entry.
fwsm/fw# show xlate debug | inc 192.168.252
NAT from inside:192.168.252.10 to outside:192.168.252.10 flags Ii idle 0:01:28 timeout 3:00:00 connections 0
show conn | inc 192.168.252
TCP out 10.111.127.26:50689 in 192.168.252.10:80 idle 0:00:10 Bytes 64 FLAGS - Bs
Can someone enlighten me as to what I'm doing wrong? Do I have to use policy NAT in order to do 1-to-1 NAT on the destination IP address only?