We currently have a failover pair of ASA 5500s providing firewalling & nat with inside, outside, and dmz interfaces. We're doing interface PAT for the bulk of internal to external connections, and static 1-to-1 nats for specific inside hosts that need to accept connections from the outside. The static nat space is a /27 that includes the address of the external interface. This is all working correctly.
However, we are out of space for static NATs in that /27. I'd like to be able to add a different network, likely another /27, for more static NATs but am having a difficult time figuring out the best way to do this. Can this be done with a network that doesn't include the outside interface on the ASAs?
I guess you are trying to implement static nat with a Public IP range which does not reside on the PIX itself. This can be done and this is where "proxy arp" comes into picture. All you need to have is appropriate routes configured on the edge router for the specific ip's that you are natting and destined towards the outside interface of the pix.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...