We have an issue with a 515 PIX. Here is the situation:
1) Users use a client/server application that is remotely located. The local network at site 1 where the users are located uses private addressing 192.168.x.x and NAT to the exterior with the 515 to a IP of a private WAN in the 10.x.x.x
2) The remote server is at let's say 10.128.65.40, so the nat is done at the 515 on the source address
3) This application have a backup server located INSIDE site 1. Therefore, the users always uses the foreign 10.128.65.40 address and the network at site 1 have to nat this adresse to an INSIDE address in the 192.168.x.x. to the backup server.
How do you do that? Nating the destination address to redirect the traffic to internal?
If I understand you correctly, you are wishing to add a rule on the firewall so that if users on the inside try to access the foreign IP address of the backup server (10.128.65.40) they will be redirected back out the inside to the real IP of the server 192.168.x.x. This can be done by using a configuration called "Hairpinning". Add the following commands for this translation to occur:
global (inside) 1 interface
static (inside,inside) 10.128.65.40 192.168.x.x
same-security-traffic permit intra-interface
For more information about this setup, the following link is to a document that describes "hairpinning" and the configuration in more detail.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :