I'm a little confused about your config. where is your server exactly?
the static command you wrote means: host 220.127.116.11 is in inside and nat this address to 172.20.1.1 when it's going out. It doesn't make sense to me. If your server is inside and it has address of 172.20.1.1 you have to write the static command like this :
static (inside,outside) 18.104.22.168 172.20.1.1 0 0
this command makes your server reachable from the outside.(also you have to permit them with an access-list). for permitting the outside users to reach that server you have to use the real adress in your ACL. because they know your server as 22.214.171.124.
I assume that, your 172.20.7.0 network is also in inside. actually the traffic between this network and your server doesn't need to go through the pix. you can keep them talking inside. if you send your config of your pix, and the topology of your network I can help more..
also the link below are very useful for understanding traffic through pix :
access-list outside_access_in permit ip 172.20.7.0 255.255.255.0 172.20.1.0 255.255.255.0 will permit traffic from 172.20.7.0/24 to 172.20.1.0/24 so for your scenario this is the correct way to do it. You need to target the translated address rather than the real one
yes, the correct one is to use the natted one. because the outside world knows your server as 172.20.1.1. Did you try this access-list? If it doesn't work ; it maybe because of another access-list in inside interface..do you have an acl in inside interface?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...