On our FWSM there are some PAT about ~500 hosts. The DNS server should have a static NAT, some servers should have some port forwarding. I set those but DNS server & other servers can access only from VLAN60. Offices's PAT is work fine but I can't access mapped IP from other VLANs.
VLAN60 : 126.96.36.199/22
IP of DNS server: 172.18.255.2 (should have 188.8.131.52)
IP of server1: 172.18.250.1
IPs of Offices: 172.18.0.1-172.18.2.254
Mapped IP: 184.108.40.206
FWSM conf. part. example:
nameif vlan60 outside security1
nameif vlan518 offices security51
access-list NAT extended permit ip any any
access-list static1 extended permit tcp any host 220.127.116.11
access-list static1 extended permit ip any host 18.104.22.168
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...