I have migrated out PIX 525 to the ASA appliance. All went well except for the following problem. I need to be able to see traffic on one of my DMZs by both the real, and the translated IP addresses. The PIX allowd this but the ASA does not. Desperate need of some help here...
It's not an error. On one of my DMZs I translate 172.16.x.x to 10.1.x.x. When we had the PIX, we could access nodes on that DMZ by both addresses from the inside network. When we migrated to the ASA, we can no longer hit the network by 10.1.x.x addresses and are forced to use the translated addresses, 172.16.x.x. This is a problem because users have become dependent on both address spaces. Strange but true.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...