how to nat source IP inbound on asa5510 outside interface
I have a query which is frankly stumping me at the moment.
A customer has a couple of web servers on their internal network. They need to provide access from external hosts to these servers on port 443. They have an ASA5510 which has static NAT to translate the inbound destination IP from an external address to the real internal address of the servers. This all works fine as proved with 'capture'. I can see inbound packets being translated and squirted out the inside interface to the servers, via an internal L3 switch.
However, the ASA is NOT the default gateway of the internal L3 switch, so responses from the servers hit their default gw (the L3 switch), which for obvious reasons doesn't have a separate route for every single internet host, so the L3 switch forwards the response to its default gw, which is a different firewall (not the ASA the request came in on).
So the problem is the client never sees the response from the server.
Without changing the default gw of the L3 switch, I believe the only way around this problem is to get the ASA to translate the inbound SOURCE IP address as well as the destination, so that the L3 switch can forward the responses from the server back to the ASA correctly.
However I'm unsure on how this should be configured.
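The return-path problem described in this post, modelled as an added example that is not part of the original post: it traces the server's reply through the L3 switch with and without source translation on the ASA. All addresses are constructed, and translating the source to the ASA's inside interface address is an assumption (one possible mapped address).

```python
import ipaddress

# Constructed addressing (assumptions, not taken from the post).
CLIENT = "198.51.100.7"      # internet host making the HTTPS request
PUBLIC_VIP = "203.0.113.10"  # external address the ASA static-NATs
SERVER = "10.10.20.5"        # real address of the internal web server
ASA_INSIDE = "10.10.1.2"     # ASA inside interface
OTHER_FW = "10.10.1.1"       # the L3 switch's default gateway (a different firewall)

# L3 switch routing table: (prefix, next hop).
L3_ROUTES = [
    ("0.0.0.0/0", OTHER_FW),
    ("10.10.1.0/24", "connected"),
    ("10.10.20.0/24", "connected"),
]

def l3_next_hop(dst):
    """Longest-prefix match; a connected route delivers to dst itself."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in L3_ROUTES
               if addr in ipaddress.ip_network(p)]
    _, nh = max(matches, key=lambda m: m[0].prefixlen)
    return dst if nh == "connected" else nh

def asa_inbound(src, dst, source_nat):
    """Destination NAT always; optionally rewrite the source as well."""
    if dst != PUBLIC_VIP:
        raise ValueError("no static NAT entry for " + dst)
    mapped_src = ASA_INSIDE if source_nat else src
    return mapped_src, SERVER

def trace_reply(source_nat):
    """Follow the server's reply back towards the client."""
    seen_src, _ = asa_inbound(CLIENT, PUBLIC_VIP, source_nat)
    # The server answers whatever source address it saw; the switch routes it.
    hop = l3_next_hop(seen_src)
    return {
        "server_sees_client_as": seen_src,
        "reply_next_hop": hop,
        "reaches_asa": hop == ASA_INSIDE,  # only then can the ASA untranslate
    }

if __name__ == "__main__":
    for mode in (False, True):
        print("source NAT on ASA:", mode, trace_reply(mode))
```

With source translation the reply returns to the ASA, but the web server then sees every external client as the mapped address, so the real client IP is available only in the ASA's own translation and connection logs.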