So my situation is kind of unique. I'm currently configuring an ASA5510 (ver. 8.4) to replace an OpenBSD router box. My company was originally given a /24 of public IP's.....yes it's weird. We are currenly working on eliminating the public vlan in our office. Currently half the company is using these public IPs for their computers and half are on a private vlan. We also have several servers on the public vlan. Everything is connected to a layer 3 switch that routes between these computers. When we first implement the ASA we want to leave the servers on the public vlan and have them still accessible from the outside by the same IP address. Currently the OpenBSD box just doesn't NAT the public vlan.
We were looking at 2 solutions.
1. NAT the server IPs to itself. ie. if the server has an IP of 22.214.171.124 then the nat statement would looke something like:
nat (inside,outside) 126.96.36.199 188.8.131.52
This is what we think would work best.
2. We create a nat exemption rule for that entire public vlan.
Is our theory correct that option 1 works best? Any other suggestions? We do not want to implement a DMZ because we have such sensitive data and only our web server could exist in our DMZ. My company is small....the simpler the solution, the better.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :