We have an FWSM in routed multiple-context mode with two VFWs. One will be protecting dept. LANs and the other will handle servers. We would like both VFWs to handle firewalling multiple VLANs; some will require NAT, non-routable xlated to routable IPs.
As of right now I have two VLANs tied to one VFW: one is the inside and the other is the outside, with a static default route pointed to the SVI of the outside VLAN on the MSFC. Proxy ARP and NAT handle the rest. My question is this: is it possible to add another set of inside/outside interfaces to this VFW with NAT running between them with proxy ARP? I see a problem because the default route is pointing to the SVI of the current outside interface, so I don't see how to tie the new set of interfaces together with NAT.
I hope that this question makes sense, thanks in advance.
The current firewalls that I am replacing use NAT with proxy ARP to handle their outside addressing, as opposed to a static route in the MSFC directing the outside subnet to the outside interface.
I would like to be able to use one context to replace two of these firewalls, hence I need two separate outside interfaces (outside subnets) that do NAT with proxy ARP.
I know that the same thing could essentially be achieved by using static routes and a single outside interface, but this would require me to redesign the current networks, which would be very time consuming.
Apologies, but I think I may be missing the point. It is when you say "route in the MSFC directing the outside subnet to the outside interface". You don't need this.
What you do need is to have static routes for subnets behind the FWSM, i.e. DMZs. Not sure why using static routes and one outside interface would involve a redesign. Can you not just take the second subnet, create it on a DMZ, and yes, you would need a static route on the MSFC pointing to the outside interface, but this is not a redesign as such.
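The design the reply above describes, as an added illustration and not configuration posted by either participant: one context with a single outside interface, the original inside VLAN, and the second firewall's subnet brought in as a DMZ. The VLAN numbers, the context name and the addresses (RFC 5737 and private ranges) are assumptions chosen for the example; the syntax is the FWSM 3.x style with `static` and `route`, which is what the poster's `xlate`/proxy-ARP description implies.

```text
! --- FWSM system context: hand three VLANs to the context (assumed VLAN numbers)
context dept
 allocate-interface vlan10
 allocate-interface vlan20
 allocate-interface vlan30
 config-url disk:/dept.cfg

! --- inside the "dept" context
interface vlan10
 nameif outside
 security-level 0
 ip address 10.1.1.2 255.255.255.0
!
interface vlan20
 nameif inside
 security-level 100
 ip address 192.168.20.1 255.255.255.0
!
interface vlan30
 nameif dmz
 security-level 50
 ip address 192.168.30.1 255.255.255.0
!
! Translated address lies in the outside subnet: the FWSM answers ARP for it,
! so the MSFC needs no route beyond its connected VLAN 10.
static (inside,outside) 10.1.1.20 192.168.20.20 netmask 255.255.255.255
!
! Translated address is NOT in the outside subnet: proxy ARP cannot help,
! so the MSFC must route the whole xlate range to the FWSM outside address.
static (dmz,outside) 198.51.100.30 192.168.30.30 netmask 255.255.255.255
!
! One default route for the whole context, toward the MSFC SVI on VLAN 10.
route outside 0.0.0.0 0.0.0.0 10.1.1.1 1

! --- MSFC side
interface Vlan10
 ip address 10.1.1.1 255.255.255.0
!
ip route 198.51.100.0 255.255.255.0 10.1.1.2
```

The point of the two `static` lines is the distinction the reply draws: an xlated address inside the outside interface's own subnet is reachable through proxy ARP alone, while a second "outside subnet" that is not on VLAN 10 needs nothing more than the one `ip route` on the MSFC pointing at the FWSM's outside address. The second firewall's hosts keep their existing inside addressing on the new DMZ VLAN, which is why this is a routing entry rather than a redesign of the network behind it.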