I have an issue where I need to bring a network into our network, but because of that fact I can't route 172.x.x.x addresses through our provider (British Telecom Private Network). I need to figure out a way to NAT a zone to another. The group is coming from 164.39.x.x and 145.78.x.x addresses destined for 172.x.x.x. I have The zones involved are CORPNET, I-DMZ and E-DMZ. CORPNET is the group coming in and I-DMZ and E-DMZ are where the servers reside that they need to get to. The zones are configured with security as follows:
I have a nat (CORPNET) 1 0.0.0.0 0.0.0.0 to allow CORPNET 10.0.100.64/26 to access other zones on our network and so far it seems to work fine. Any ideas?
You can configure Remote access VPN to terminate on your PIX firewall and give access to the servers on inside/DMZ to the external users. This way, you also secure the data traffic flowing through the service provider. You can refer to the configuration guide of the PIX firewall for more information.
Since they are part of the company, we prefer not to VPN them in. We would prefer that they come in like any other zone. They are directly connected, having to only pass through the FWSM to get inside. They are considered trusted traffic, just not as trusted as, say, onsite users.