Really stumped on this one - any comments gratefully received!
I have a PIX in front of a router. The PIX is doing a static NAT for a web server and the PIX forwards the packet to a router. The router is doing PAT on its firewall-facing interface, it receives the packet, it sees that the PAT doesn't apply from its ACL and routes the packet to the web server internally - NOW this is the bit I am confused about - the web server then replies to the packet BUT now the PAT does apply from its ACL and I was expecting the source address on the reply packet to be translated and the connection to lose state through the firewall!
But the return packet is not NATted. The PIX receives the packet with the original address and does the static NAT on it so all addresses are routable on the internet and it all works!
So - is NAT only done on a new connection and is NAT ignored if it's a return packet?!
The syntax is
ip nat inside source list 131 interface Ethernet1/0 overload