I have a client VPNing into the corporate network and in the pool 10.10.100.x. Client is using internal DNS servers since they have to access private servers. They are also set up with split tunneling so as to use their own internet connection for the internet, plus it precludes them from having to have proxy settings on their web browsers (all HTTP traffic is through a proxy server for our company).
They also have to access the company web server, which, using the internal DNS servers, gives them the private IP address of the server.
The problem I am having is, they cannot access the web server in the DMZ. The log entry is:
Oct 28 2006 15:10:20: %PIX-3-305005: No translation group found for tcp src outside:10.10.110.2/1221 dst dmz1:10.10.1.3/80
(10.10.1.x is our DMZ range)
Obviously there is already a static translation between the web server and a public address. So, how do I do a translation group for this scenario without breaking the current translation set for the web server? Do I treat it like a normal private address range and the PIX is smart enough to send the packets over the correct translation?