int g0
 ip address 220.127.116.11 255.255.255.0
 nameif inside
 security-level 100
int g1
 ip address 18.104.22.168 255.255.255.0
 nameif outside
 security-level 0
int g2
 ip address 22.214.171.124 255.255.255.0
 nameif DMZ
 security-level 50
route outside 0.0.0.0 0.0.0.0 126.96.36.199
object network REAL
 host 188.8.131.52
object network MAPPED
 host 184.108.40.206
nat (inside,DMZ) source static any any destination static MAPPED REAL unidirectional
220.127.116.11 is a server in the DMZ. Its public IP address to the internet is 18.104.22.168. I want to be able to reach the server from the inside interface using its REAL and MAPPED IP addresses. Furthermore, I want to be able to reach hosts on the inside network from that server using the server's real IP address. So, I only want it NATted when the inside host is trying to communicate with the server using its public IP.
In ASA 8.4.2, I was able to use the nat statement above and got the behavior I wanted. The ASA would know that the destination interface is "DMZ", NAT the traffic, and send it directly to the server.
In ASA 9.1.2, this doesn't work. The ASA wants to use the default route which tells it that the outgoing interface should be 'outside'. I had to do nat (inside,outside) . But the problem with this is that now, the ASA is NATing it, sending it to the next hop on the outside who sends it back to the ASA. The ASA delivers it and it appears to work.
In my ASA 9.1.4 box, it also doesn't work. Also, it doesn't allow hosts on the inside to access the DMZ server using its real IP address anymore.
Does anyone have any insight regarding how to get ASA 9.1.2 to work like ASA 8.4?