Static xlate issue from lower to higher security level
The issue I have is that I have a multi interface pix, seperating several business areas. One of these is a sec50 level, which can't be changed. 3 hosts on this segment require internet access which will traverse via the inside sec100 interface. How do I get around the static command as I essentially need a static to allow this interface to xlate to any IP?
As mentioned I can't change the security level to get around this issue...it's probably an easy one but I can't think of the best way. Any help appreciated.
Re: Static xlate issue from lower to higher security level
You will need "static" and "access-list" commands to allow traffic to flow from a lower security interface (50) to a higher security interface (100). But the problem here is that the static will have a fixed local address from the "inside" network's range.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...