I have 2 hosts inside my network that each need to communicate with a remote network. There are two ways to get to the remote network and each host needs to take a unique path.
I.e., inside the DMZ there is RouterA which leads to 192.168.168.1 and RouterB leads to 192.168.168.1. Inside my PIX there is Host1 and Host2. Host1 needs to go through RouterA and Host2 needs to go through RouterB.
I need to be able to tell the PIX
192.168.168.1/32 => RouterA
ACL 1 host2 IP
match acl 1
set next-hop = RouterB
or some other way to tell the PIX, if source-ip = Host2 the route to 192.168.168.1 = RouterB
Didn't see a reply to this for a few days, so thought I would take a stab at it. The PIX does not support source-based routing, but your next hop router probably does. I assume that RouterA and RouterB are on the same LAN segment. If RouterA is your default next hop on the DMZ, policy-based routing could be configured on RouterA to direct all traffic from Host2 destined for 192.168.168.1 to RouterB. I haven't tried this, so would recommend a lab build first. Cisco doc for configuring Policy based routing can be found at:
Thanks for the suggestion and I think it would probably work. However, part of the problem with my whole scenario is that RouterA and RouterB are not under my control (I have no access to them), hence their location in the DMZ.
I actually did speak with the company in question about this week and they have agreed to NAT to DMZ IPs on their respective routers. My Host1 and Host2 will believe that they are speaking with something in the DMZ when it really is "192.168.1.1" on the other side.
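Added example, not part of the original thread: a sketch of the policy-based routing configuration on RouterA that the reply above describes, for readers who do control the DMZ router. The ACL number, route-map name, interface name and the 192.0.2.x addresses are constructed placeholders; only 192.168.168.1 comes from the thread.

```cisco
! Constructed placeholders (not from the thread):
!   192.0.2.20       Host2 as RouterA sees it. If the PIX translates Host2,
!                    this must be the translated (post-NAT) address.
!   192.0.2.3        RouterB's address on the shared DMZ segment
!   FastEthernet0/0  RouterA's DMZ-facing interface
!
! Match only Host2 -> 192.168.168.1; Host1 and all other traffic fall
! through to RouterA's normal routing table.
access-list 101 permit ip host 192.0.2.20 host 192.168.168.1
!
route-map HOST2-VIA-ROUTERB permit 10
 match ip address 101
 set ip next-hop 192.0.2.3
!
! Policy routing is applied to packets arriving on the interface,
! so it goes on the interface that faces the PIX.
interface FastEthernet0/0
 ip policy route-map HOST2-VIA-ROUTERB
 ! Packets leave on the interface they arrived on; without this,
 ! RouterA sends ICMP redirects back toward the PIX.
 no ip redirects
```

Return traffic is not affected by this route-map, so RouterB needs its own route back to Host2's address through the PIX, and the PIX will only accept the replies if they match the connection it built for the outbound flow.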