DMZ to inside - want servers to be see with original ips.
I have a 10.x.x.x network on the inside interface (100). I have semi-rogue network being hooked up to ethernet6 (90) which is going to be 10.y.y.y. I would like for the 10.y.y.y network be able to see all the servers on the inside with the original 10.x.x.x addresses. Is this possible? if so, how?
Re: DMZ to inside - want servers to be see with original ips.
you probably have a nat 1 statements for all traffic from that interface. what you want to add is a nat 0 access-list statement that selective excludes traffic from nat. If 220.127.116.11/24 was the netblock used on e6, then this is basically what you would want to do:
access-list 106 permit ip 10.x.x.x 255.0.0.0 18.104.22.168 255.255.255.0
nat (inside) 0 access-list 106
this would stop 10.0.0.0/8 from natting traffic only when the destination is 22.214.171.124/24
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...