Hi Guys.
I'm here for some guidance to get through the following scenario.
Server BBB needs to reach Server AAA, but I want to hide Server BBB's real IP address. Also, the IP address of AAA needs to be NATted on the destination, because the firewall (Checkpoint) is used as a default gateway for BBB and this firewall also has the same net that is used with server AAA.
So the flow of the traffic is like this:
- When BBB sends a packet, this packet goes to the Checkpoint, then to the ASA, and the ASA is going to NAT source and destination to reach AAA.
Switch 3 is a service switch that is delivering a lot of VLANs to the ASA. This ASA is connected to the switch and is using sub-interfaces associated with VLANs for every service.
The thing is:
The ASA knows the real address of AAA, because it is using the same VLAN of that subnet, so it can reach the server because it is on the same segment, but there isn't any Layer 3 device in between, just Layer 2 devices.
So if I applied the following NAT:
nat (INSIDE,To-AAA) source static BBB-ori BBB-natted destination static AAA-natted AAA-ori
Should it work?
Thanks in advance,
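
Added example, not part of the original post: the NAT rule from the question together with the object definitions it needs and the ASA commands for checking how a packet would be translated. The object and interface names are the ones used in the post; every address and port is a constructed placeholder, and it is assumed that the Checkpoint forwards BBB's real source address unchanged and routes the AAA-natted address toward the ASA.

```cisco
! All addresses below are constructed placeholders, not values from the post.
object network BBB-ori
 host 10.10.10.20
! Assumption: BBB-natted is taken from the To-AAA subnet, so AAA replies
! on-link and the ASA answers ARP for it (proxy ARP is on by default for
! static NAT mapped addresses).
object network BBB-natted
 host 192.168.50.200
! Assumption: AAA-natted lies outside the net that the Checkpoint shares
! with AAA, so the Checkpoint routes it to the ASA instead of ARPing locally.
object network AAA-natted
 host 172.16.50.10
! Real address of AAA, on the segment directly connected to To-AAA.
object network AAA-ori
 host 192.168.50.10
!
! Twice NAT: the source pair is "real mapped", the destination pair is
! "mapped real" as seen from the INSIDE interface.
nat (INSIDE,To-AAA) source static BBB-ori BBB-natted destination static AAA-natted AAA-ori
!
! Simulate a packet from BBB to the address it actually dials (AAA-natted).
packet-tracer input INSIDE tcp 10.10.10.20 40000 172.16.50.10 443 detailed
!
! Confirm the rule is installed and is being hit.
show nat detail
show xlate
```

In the packet-tracer output, the UN-NAT phase should show 172.16.50.10 rewritten to 192.168.50.10 and the NAT phase should show 10.10.10.20 rewritten to 192.168.50.200, with To-AAA as the egress interface.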