I have a customer that has a peculiar situation that requires a static NAT to a host on a subnet remote to the inside of the PIX. This remote host has a static route back to the PIX but it uses a DIFFERENT default route. This creates the problem: the original public IP address remains as the source address in the IP header through the translation on the PIX. The remote host, when replying to the request, always attempts to respond back out through its default route, not back throught the WAN because the source address in the IP header is the public address of the original sender, not the private address of the PIX. Is there any way I can replace the original public source address with the inside interface of the PIX or some other inside address?
Have you considered configuring bi-directional NAT in this case? This was a new feature added in 6.2 (I think) that allows you to NAT the source address of packets going from a less secure interface to a more secure interface (opposite of what you would normally think of). You would then need to create a static route on the host pointing back to the PIX for the address that you NAT the external packet to. Check the command ref in 6.3 for the syntax and post back your questions if you have any.
Not a bad suggestion but it looks like all of the documentation points to mapping an explicit public address to an explicit private one. This would replace the original source address but the source could be any address on the Internet so that wouldn't work for me. I'm still going to play with the settings and see if I can't get something of a PAT process going in reverse. I'm also going to try port-redirection to see if that modifies the original source address. Any further suggestions or ideas are still most welcome!
Show Name: Thoughts on Security at Cisco Live US 2018 in Orlando
Contributors: Kevin Klous, David White Jr., Aaron Woland, Jeff Fanelli
Posting Date: June 2018
Description: The team goes on-site in the Cisco Live Speaker room in...
RADIUS and Symantec VIP.
I will use screenshots of ASDM, and at the end I will add the required CLI commands. the diagram below show a diagram of the steps the FW goes through when using 2FA authentication:
As you can see in Fig. 1&nbs...