I have a 515 running 6.3.3 with a DMZ. I am having some problems understanding the natting for the DMZ. Basically I have an internal network (10.0.0.0/8), DMZ (172.18.5.0/24), and outside (0.0.0.0/0)
I would like a DMZ server to be able to address the internal server with the 10.0.0.0 address without a nat. Basically I would like the DMZ to know the real addresses of the inside, and the inside to know about the real addresses of the outside. I would also still be needing to keep the dmz servers statically natted to the outside of course. Am I missing something, or do I just need two nat 0 statements? After that I should just be able to create ACLs for lower security interfaces to get to higher...
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...