I have some complicated source and destination translation that I need to do in ASA firewall version 8.2.1. Below are the details:
Site A 192.168.1.0/24 firewall--------------Site B 192.168.2.0/24 ASA------------Site C 192.168.3.0/24 firewall or Site D public internet
Site A and B are IPSEC VPN connected, B and C are IPSEC VPN connected.
What I want to achieve is to allow Site A servers to access the FTP server in Site C and Site D without making changes to Site A's firewall, since those firewalls belong to other partners and it takes a very, very long time for them to respond to any changes. Site B is our company's firewall and we can make any changes on it.
My optimum thinking is: to access the FTP server in Site C from Site A, it will FTP to a virtual address in Site B, e.g. 192.168.2.222,
1) then in Site B's firewall it will translate the FTP packet's source to Site B's address, e.g. 192.168.2.111,
2) translate the packet's destination from 192.168.2.222 to 192.168.3.121 (FTP server)
Access to Site D is the same logic, except Site B to Site D is a normal internet connection.
So far I can do 1), the source translation, but can't do 2). Does anyone have ideas for that?