I have a vendor router connected on the DMZ of my firewall that lets only one IP address of my server, 172.16.1.15, connect to his network. I have a NAT on my firewall to my inside address as follows:
global(dmz1) 172.16.1.254
nat (dmz1) 0 0.0.0.0 0.0.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,DMZ1) 172.16.1.15 10.0.2.15
conduit permit tcp 172.16.1.15 any
route dmz1 192.168.1.0 255.255.255.0 172.16.1.1
where 192.168.1.0 is the vendor network address and 172.16.1.1 is the gateway address of the vendor router.
The problem I am facing is:
1. I am not able to ping the gateway 172.16.1.1 and am not able to see any traffic on the DMZ from the internal address (10.0.2.15) nor 172.16.1.15 on the sniffer, although the vendor router is able to ping my firewall DMZ interface.
When I initiate the connection from inside to DMZ1 (higher to lower), I believe my internal IP address (10.0.2.15) will be PATed to the global address of 172.16.1.254. How do I force the firewall to NAT the address to 172.16.1.15 so that I can access the vendor network?
Do I need to add any command on the firewall?