This is a continuation of the thread that can be found here:
I need the following to happen:
Host at 12.x.x.134 to access host 10.50.2.32 on port 8888.
Host at 12.x.x.134 to access host 10.50.2.33 on port 1560.
I am at a complete loss on getting this accomplished. Have tried multiple configurations and nothing works. Ideally I would collapse this all to the ASA but I do not have the time to dedicate at the moment so I just need to get this working as it is. The ASA is under SMARTnet but CCO ID does not have permission to its serial number yet.
Any guidance on this would be greatly appreciated. Is below enough to go on?
Ethernet0/0 outside 64.xx.xx.130 security-level 0 --> to RouterA via 2980
Ethernet0/1 inside 10.50.2.1 security-level 100 --> to 2980
Ethernet0/2 dmz1 10.10.10.2 security-level 50 --> to ASA e2
Ethernet0 outside 12.xx.xx.2 security-level 0 --> to RouterB via 2980
Ethernet1 dmz 12.x.x.129 security-level 50 --> to 2980
Ethernet2 dmz2 10.10.10.1 security-level 50 --> to PIX e0/2
I think the issue may be this line on the PIX:
nat (dmz2) 0 10.50.2.0 255.255.255.0
This is identity NAT. Basically it says don't translate 10.50.2.x addressing going to the PIX. But it is only one way, i.e. from the ASA to the PIX. I don't know why it is there, but we should be able to override it with:
static (dmz2,dmz) 10.50.2.33 10.50.2.33 netmask 255.255.255.255
So if the ping didn't work, can you add this to the PIX and retest, both with ping and by connecting on the ports you want to use?