How do I prevent NAT'ing on a PIX for users on the 'inside' trying to access an oracle server (SQLnet) on the 'DMZ'?
We have an oracle server off the PIX's DMZ interface (E2) w/ an IP address of 10.10.10.10 /24. The internal users are on the PIX's INSIDE interface (E1) and their subnet is 192.168.1.0 /24. Users on this internal subnet need to access the web; therefore, they are NAT'd out the OUTSIDE interface (E0). However, for these same internal users to access the oracle server (10.10.10.10) on TCP port 1521, they cannot be NAT'd to connect. How do we allow NAT'ing to work for internet access and at the same time prevent NAT'ing to occur when accessing the oracle server on the DMZ?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...