I have a business requirement that has traffic for an application going through firewall A and web traffic through firewall B. Due to a specialized routing need for this application, if a user outside the network tries to access our public facing web servers we end up with the traffic entering firewall B and leaving firewall A, so asymmetric routing.
What I would like to do is bring in all traffic coming from 18.104.22.168/24 (outside) destined for 22.214.171.124 (NATed to 126.96.36.199 inside) and NAT those external addresses to 10.10.10.0/24.
I think that this is a twice NAT, but I haven't been able to follow the Cisco examples as they are taking an internal host and NATing it outbound; I'm looking to do the reverse.
You did not mention the software version of your ASA. Twice NAT is easier and more common on the 8.3+ software levels.
So if I understood correctly the internal server should be NATed to 188.8.131.52 from the real IP address 184.108.40.206 and the external source subnet 220.127.116.11/24 should be NATed to 10.10.10.0/24 when connecting to the mentioned NAT IP address of 18.104.22.168?
If so then the configuration in 8.3+ format could be
Naturally the above "object" names are more meant to give you an idea of what purpose they hold. A better naming policy could surely be used. :)
The above NAT configuration would do a 1:1 Static NAT for the source addresses as the real and mapped subnet are of equal size. You could change this to Dynamic PAT if the actual situation holds different size subnets.
In that case your ASA should support the above configuration format.
Naturally I don't know what the interfaces are called on your ASA. Also I personally like to look at the big picture especially when doing any special NAT configurations. Just so that I don't mess anything up :)
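The kind of 8.3+ twice NAT rule discussed in this thread, as an added example that is not part of the original posts. The interface names `outside` and `inside`, the object names, and every address except 10.10.10.0/24 are assumptions (documentation-range placeholders), not values from the thread.

```cisco
! Added example. Object names and addresses are placeholders (assumptions).
! Real and mapped address of the public-facing web server.
object network WEB-SERVER-REAL
 host 192.0.2.10
object network WEB-SERVER-MAPPED
 host 198.51.100.10

! External client subnet and the internal range it is translated to.
object network OUTSIDE-CLIENTS-REAL
 subnet 203.0.113.0 255.255.255.0
object network OUTSIDE-CLIENTS-MAPPED
 subnet 10.10.10.0 255.255.255.0

! Twice NAT, inbound direction: one rule translates both fields.
!   source:      203.0.113.x   -> 10.10.10.x   (1:1 static, equal-size subnets)
!   destination: 198.51.100.10 -> 192.0.2.10   (mapped object first, then real)
nat (outside,inside) source static OUTSIDE-CLIENTS-REAL OUTSIDE-CLIENTS-MAPPED destination static WEB-SERVER-MAPPED WEB-SERVER-REAL

! Alternative when the client range is larger than the mapped range:
! Dynamic PAT of the source behind a single host object (use instead of
! the static rule above, not together with it).
! object network OUTSIDE-CLIENTS-PAT
!  host 10.10.10.1
! nat (outside,inside) source dynamic OUTSIDE-CLIENTS-REAL OUTSIDE-CLIENTS-PAT destination static WEB-SERVER-MAPPED WEB-SERVER-REAL

! Verification from exec mode (constructed client address and port):
!   show nat detail
!   packet-tracer input outside tcp 203.0.113.25 12345 198.51.100.10 80
! Both an UN-NAT phase (destination) and a NAT phase (source) should match
! the rule above, and the result should be ALLOW if the ACL permits it.
```

The rule only removes the asymmetry if the inside network routes 10.10.10.0/24 back to the firewall that holds it. Manual (twice) NAT rules are evaluated before object NAT, so check with `show nat` that the new rule does not shadow an existing static translation for the same server.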