I have a scenario where I need to present on the outside interface of a PIX running 6.3(4) 3 different translated subnets for a single subnet inside, based on source networks. Please see attached. How can I best achieve this ?
Ok great. I see thats good for one to one translation.
Now, here is another challenge I have. For the 172.16.0.0/24 to 172.16.0.0/24 it's no problem but for the 10.199.0.0/24 and 184.108.40.206/24 the host addresses dont line up. In other words, say on the 220.127.116.11 side I may need to do 172.16.0.1 to 18.104.22.168. It's a long story. It's similar in the 10.199.0.0/24 outside range as well.
And, these are NOT limite to outside NATs for outbound (inside>outside) connections to the inidicated sourcenets. I have these sourcenets connecting INBOUND to those translated addresses.
I'm looking to minimize the amount of ACLs, STATIC, etc entries that I have to enter but I may have no choice ?
I'm assuming I have to do Policy NAT on all of em, and that's gonna make the config huge ;-). Unless I can get some help from you guys on another way to do it.
Thanks for the suggestions and time ! Any other ideas based on above certainly appreciated !
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...