I have just installed my first FWSM at one of your internet pops. Pretty simple only inside and outside no dmz (all listed below). I had to put a static address translation so the internet router could talk back into the internal syslog and tacacs servers on the internal network (10.233.85.254 / 172.21.85.254) which works fine for the connections allowed inbound from the internet router. But when I try to access the internet from those two devices its not being routed because the pix is using the static address (10.233.85.254 / 172.21.85.254) to the internet router and it is not being routed after that. I know I can do an address translation to another one of my 22.214.171.124 address and this will work but I am trying to get around this because I have another Internet POP soon to change from Firewall-1 to PIX that will literally have 100(s) of these static address translations.
Nadeem thank you for the reply. But if the Edge router has to talk back to the inside server (say for AAA) won't I need a static for that translation? Then the static will over ride the global translation for the internal server out to the internet. I will give your recommendation a try to see how it works thanks.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :