It follows the topology of the network in the annex, I will try to explain what we're trying to accomplish
previously we had this same network topology that with the change to have a Cisco ASA instead of the Server Linux
I want is a transparent proxy
ie the Cisco ASA in the network interface has 192.168.100.0/24 (outside) and a network interface in 10.254.254.0/24 (inside) and the network 10.253.253.0/24 (dmz-proxy), in normal navigation of a station with ip address 10.254.254.50/24 the packet of data leaves destined for example to the Website packets google that is going to address the target www.google.com.br or 18.104.22.168. In ASA he has the following table of routes.
10.254.254.0/14 directly connected via inside
10.253.253.0/14 directly connected via dmz-proxy
192.168.100.0/24 directly connected via outside
Default route via 192.168.100.2
with this configuration should leave the packet with the destination MAC address of 192.168.100.2, and the destination IP address 22.214.171.124 and address of origin as 10.254.254.50/25 that there is not nat correct?
want is for the ASA INTERCEPT this connection leaving before routing ie before being routed by default route and change the header of the packet by changing the destination address or the destination mac address for the IP address that is the server 10.253.253.2, the server proxy, it receives and verifies the packet in its cache if the requested page is stored. if the page you requested exists in the cache proxy server sends the page to the client with an IP address 10.254.254.50 otherwise makes a request to the address 126.96.36.199 requesting the website and storing in its cache and sending the user to the page.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...