For example, I disable translation on the dmz interface: nat 0....
Does it work if I use the static command to make a translation rule between IP addresses in the dmz and outside?
Can I use private IP addresses for the edge servers in the dmz somehow and then translate them to public using the static command?
Does it help much if public IP addresses will be in use in the dmz segment?
Could anyone suggest exactly which command I have to run?
If you are collocating edge server roles on a computer, each should have a separate IP address. If you do not use a separate IP address for each, you must use separate ports for each collocated edge server role. For collocated edge server roles, we recommend having the IP addresses equal the number of server roles plus one, which provides a separate external IP address for each server role and a shared internal IP address.
To conform to the requirement of a publicly routable IP address of the A/V Edge Server, the external firewall of the perimeter network must not act as a NAT (Network Address Translator) for this IP address.
Additionally, the internal firewall must not act as a NAT for the internal IP address of the A/V Edge Server. The internal IP address of the A/V Edge Server must be fully routable from the internal network to the internal IP address of the A/V Edge Server.
From outside to DMZ, it will work. But 0.0.0.0 0.0.0.0 means all traffic, so traffic from DMZ to outside or to inside will not be NATed. This means the Edge server won't appear as the public IP that you assigned via static. So you had better follow the Conditional NAT I mentioned above.