I have a vendor router connected on the DMZ of my firewall, which lets only one IP address of my server, 172.16.1.15, connect to his network. I have a NAT on my firewall to my inside address as follows:
nat (dmz1) 0 0.0.0.0 0.0.0.0
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,DMZ1) 172.16.1.15 10.0.2.15
conduit permit tcp 172.16.1.15 any
route dmz1 192.168.1.0 255.255.255.0 172.16.1.1
where 192.168.1.0 is the vendor network address and 172.16.1.1 is the gateway address of the vendor router.
The problem I am facing is:
1. I am not able to ping the gateway 172.16.1.1, and I am not able to see any traffic on the DMZ from the internal address (10.0.2.15) or from 172.16.1.15 on the sniffer, although the vendor router is able to ping my firewall DMZ interface.
When I initiate the connection from inside to DMZ1 (higher to lower), I believe my internal IP address (10.0.2.15) will be PATed to the global address of 172.16.1.254. How do I force the firewall to NAT the address to 172.16.1.15 so that I can access the vendor network?