I have a need for our internet router to send syslog to a server on the inside interface of a PIX firewall. The internet router connects to the outside interface of the PIX. The interface on the router that faces the PIX has an IP of 22.214.171.124 and the outside interface of the PIX is 126.96.36.199. The host address of the inside syslog server is 10.1.1.100, which is off the inside interface on the PIX.
Currently the PIX is configured with a NAT (1) 0.0.0.0 0.0.0.0 with a global statement that uses the "interface" (outside address of PIX, or 188.8.131.52). The syslog server 10.1.1.100 has a need for internet connectivity for things like web updates, etc. I'd like to keep it so that it uses the existing NAT when connecting to the Internet. However, I need a way for the internet router to send its syslog through to the inside server. I figure I could do a static, but that would end up translating all traffic from my syslog host, and I was hoping to just translate it when the router initiated to it and had syslog data to send. Obviously the router does not know about the 10.1.1.x network, so I need a way to get it back into the inside network, without affecting any internet traffic that is initiated from the syslog server. How can I best accomplish this?