How to reach hosts with public addresses in DMZ from outside
We are going to replace an old Linux based firewall with a Cisco ASA 5505. On the outside interface we have a 255.255.255.252 subnet (1 available address) and we have a DMZ zone with a 255.255.255.240 subnet (with official IP addresses) Usually we translate public addresses on the outside interface to private adresses in DMZ with the static command but in this case there are no address translation from outside to the DMZ. We want to do the same thing with the new firewall. Between the outside interface and the inside interface we will be using NAT/PAT. This solution work's fine with the old firewall but how can we do the same with Cisco ASA 5505? (With static or NAT exemption or something else) The person who installed the old solution can't be found.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...