I fully understand the alias command, and I have been using it. However I want to use PDM and the alias command is not supported. I've read the document on Destination NAT but I'm still not sure how to convert my alias statments to static statements.
I have a web server on the dmz that I want to be accessed from the inside as it's global IP address (it's actual address is 192.168.50.50)
My alias statement looks like this:
alias (inside) 216.170.X.X 192.168.50.60 255.255.255.255
This works fine (although it is annoying that once this statement is in place, I can *ONLY* access it via its global IP and NOT able to access it via its 192.168.50.60 address as I can when the alias statement is not in place)
Can anyone help me understand how to accomplish the same thing with destination NAT static statement since alias command is being retired??
This says, hide the host on the dmz from the inside using the global address 216.170.x.x.
So if you have a clear xlate and initiate a connection the dmz host from the inside, you should see a translation built from the inside host going to the dmz, even if it is using it's own address. The you should see a translation for the dmz host from the global to the dmz real address. Once both translations get built, the connection will be built as an outbound conection.
I don't understand your static command because Cisco Configurtion Documentation says that the first parameter in the static statement must be a high security level interface. The second parameter a low security level interface.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...