We have a client who NATs his public IP (static NAT) located on the outside to an HTTP proxy for users to access the Internet. Now when he tries to SSH from outside to manage this 5520 ASA, he is never successful, since the outside interface is NATed to this proxy server.
I suggested that he use another interface and statically NAT its IP to another public IP from the subnet allocated to his company.
While the client is taking his time to free up an interface on his ASA, I set up a similar scenario on GNS3 to test connectivity, but whenever I try to SSH from an outside SSH client to the DMZ interface, I get:
Deny IP spoof from (SSH client IP) to (public IP NATed to DMZ physical IP) on interface outside.
I have a static route outside on the firewall, and I tested connectivity to the inside network by doing RDP on a Windows client located on the inside.
I just want to know whether such a configuration is workable, or whether there is any limitation in using a simulator.
outside IP = 126.96.36.199 (not real IPs)
dmz IP = 192.168.2.1
inside IP = 192.168.1.1
inside client IP = 192.168.1.10
Router connected to ASA Outside IP = 188.8.131.52
Router interface connected to client (simulating internet user) IP = 184.108.40.206
Internet User IP (connected to Router int) = 220.127.116.11
static (dmz,outside) 18.104.22.168 192.168.2.1 netmask 255.255.255.255
static (inside,outside) interface 192.168.1.10 netmask 255.255.255.255
access-list outside_in extended permit ip any host 22.214.171.124
access-list outside_in extended permit ip any host 126.96.36.199
route outside 0.0.0.0 0.0.0.0 188.8.131.52
All help is appreciated.