I have a client router that I have no control over that I want to put in my DMZ and give it access to only 1 device on the inside network. I'm having a mental block on how to make this happen. I already have static (inside,dmz) for the server this router needs to be able to get at listed below.
Pix(config)# access-list no_nat permit ip 192.168.2.0 255.255.255.0 192.168.5.0 255.255.255.0
Pix(config)# access-list no_nat permit ip 192.168.3.0 255.255.255.0 192.168.5.0 255.255.255.0
Pix(config)# nat (inside) 0 access-list no_nat
Pls. remember the rule: from interface inside to interface DMZ requires the nat/global command, and DMZ to inside requires static/conduit. Pls. issue cmd: 'clear xlate' after the configuration has been saved with cmd: 'wr m' (write memory).
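A least-privilege sketch of the DMZ-to-inside half of that rule, added here as an example and not taken from either poster: it pairs the static with an ACL bound to the dmz interface so the client router can reach only the one server. The addresses 192.168.5.2 (client router), 192.168.2.10 (inside server), TCP port 443, and the ACL name dmz_in are all constructed placeholders, and 192.168.5.0/24 is assumed to be the DMZ subnet.

```cisco
! Constructed addresses: 192.168.5.2 = client router in the DMZ,
! 192.168.2.10 = the single inside server it may reach.

! Identity static so the inside server is reachable from the DMZ
! (the poster states a static (inside,dmz) for the server already exists).
static (inside,dmz) 192.168.2.10 192.168.2.10 netmask 255.255.255.255

! Permit only the client router to only that server, and only on the
! service it needs (port 443 is an assumed placeholder).
access-list dmz_in permit tcp host 192.168.5.2 host 192.168.2.10 eq 443

! Everything else arriving on the dmz interface hits the implicit deny
! at the end of the ACL, including traffic to other inside hosts.
access-group dmz_in in interface dmz

! Save, flush stale translations, then confirm the hit counter on the
! permit line increments when the router connects.
write memory
clear xlate
show access-list dmz_in
```

Because the ACL ends in an implicit deny, any other traffic the router legitimately needs from the dmz interface has to be permitted explicitly in dmz_in.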