I have a PIX 515 running version 634 with four interfaces, for example, outside, inside, dmz and lab. I need to be able to connect to devices that are located on both the dmz and lab from inside. I also need to connect to devices that are located on the dmz from lab. The lab has a higher security than the dmz. I am also using remote access VPN. I would really appreciate it if someone can help me with this as I have been working on it for a few days now.
access-list acl_name permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list acl_name
acl_name defines source/destination IP pairs that you don't want NAT'ed. So this ACL would read: when a host on subnet 192.168.1.0/24 attempts to contact a host on the 10.1.1.0 subnet, do not NAT the 192.168.1.x address.
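Added example (not part of the original reply): a small Python checker that parses the two command forms shown above and reports whether a new connection entering a given interface matches a NAT exemption, extended to the three flows in the question. The lab subnet 10.2.2.0/24, the mapping of 192.168.1.0/24 to inside and 10.1.1.0/24 to dmz, and the ACL names are assumptions; only the `permit ip <net> <mask> <net> <mask>` form is handled.

```python
import ipaddress
import re

# Constructed sample config (not from the post). Assumed subnets:
# inside 192.168.1.0/24, dmz 10.1.1.0/24, lab 10.2.2.0/24.
CONFIG = """\
access-list inside_nonat permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list inside_nonat permit ip 192.168.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list lab_nonat permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list inside_nonat
nat (lab) 0 access-list lab_nonat
"""

# The two lines from the reply on their own, for comparison.
ANSWER_ONLY = """\
access-list acl_name permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list acl_name
"""

ACE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def parse(config):
    """Return ({acl: [(src_net, dst_net), ...]}, {interface: acl})."""
    acls, bindings = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            name, src, smask, dst, dmask = m.groups()
            pair = (ipaddress.ip_network(f"{src}/{smask}"),
                    ipaddress.ip_network(f"{dst}/{dmask}"))
            acls.setdefault(name, []).append(pair)
        elif m := NAT0.match(line):
            # Model assumption: one exemption ACL per interface, last binding wins.
            bindings[m.group(1)] = m.group(2)
    return acls, bindings


def nat_exempt(config, interface, src, dst):
    """True if a new connection entering `interface` from src to dst matches
    a source/destination pair in that interface's nat 0 ACL."""
    acls, bindings = parse(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    pairs = acls.get(bindings.get(interface), [])
    return any(src in s and dst in d for s, d in pairs)
```

The check is per ingress interface and per source/destination pair, so it also shows when an exemption ACL is broader or narrower than the flows it was written for.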