The INSIDE network uses 10.10.10.x and gets PAT'd to a public address when going to the Internet through the OUTSIDE interface.
The DMZ network uses another private network, 10.10.20.x, and gets PAT'd to the same public IP address when accessing the Internet through the OUTSIDE interface (the 188.8.131.52).
There is no NAT/PAT set up at the moment when the Inside accesses the DMZ or vice versa.
Here is the Dilemma:
With the current setup, we are having a problem getting from the INSIDE network to applications on our web server in the DMZ that use an Outside PIN authentication service (Outside means on the Internet).
The way that PIN works is that a client from the INSIDE network goes to the web app, and then gets redirected to the OUTSIDE PIN server for authentication. Once authenticated, they are redirected back to the web app with a ticket that includes the authenticated IP address. Our web server compares the authenticated IP address with the original IP address of the client, and denies access if they don't match. The problem is that the ticket contains that outside PAT'd address of the client (184.108.40.206), but the web server is seeing the inside address of the client (10.10.10.x).
I thought if I PAT the inside network when accessing the DMZ to the same 220.127.116.11 address I would be able to overcome the problem, since the webserver and the PIN authentication server will see the Inside client as 18.104.22.168. Is there a better way of doing it?
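The mismatch described in the post, modelled as an added example that is not part of the original post: it computes the source address each server sees under a given set of PAT rules and runs the ticket comparison. The public address 203.0.113.10, the client 10.10.10.25, the HMAC ticket format and all function names are constructed assumptions, not details of the real PIN service.

```python
import hashlib
import hmac
import ipaddress

# Constructed values: the PAT address, networks' hosts and key are placeholders.
PUBLIC_PAT = "203.0.113.10"
KEY = b"demo-shared-key"
ZONES = {"INSIDE": ipaddress.ip_network("10.10.10.0/24"),
         "DMZ": ipaddress.ip_network("10.10.20.0/24")}


def zone_of(ip):
    """Return the zone an address belongs to (anything else is OUTSIDE)."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "OUTSIDE")


def seen_source(src_ip, dst_zone, pat_rules):
    """Source address the destination sees after the firewall applies PAT."""
    return pat_rules.get((zone_of(src_ip), dst_zone), src_ip)


def issue_ticket(observed_ip):
    """PIN service: bind the ticket to the source address it observed."""
    mac = hmac.new(KEY, observed_ip.encode(), hashlib.sha256).hexdigest()
    return f"{observed_ip}|{mac}"


def web_app_accepts(ticket, observed_ip):
    """Web server: verify the ticket, then compare its IP with the connection's."""
    ip, mac = ticket.split("|")
    good = hmac.new(KEY, ip.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, good) and ip == observed_ip


def login(client_ip, pat_rules):
    """Run the redirect flow and report whether the web app admits the client."""
    ticket = issue_ticket(seen_source(client_ip, "OUTSIDE", pat_rules))
    return web_app_accepts(ticket, seen_source(client_ip, "DMZ", pat_rules))


# Rule sets keyed by (source zone, destination zone).
current = {("INSIDE", "OUTSIDE"): PUBLIC_PAT, ("DMZ", "OUTSIDE"): PUBLIC_PAT}
proposed = {**current, ("INSIDE", "DMZ"): PUBLIC_PAT}

if __name__ == "__main__":
    print("current rules :", login("10.10.10.25", current))
    print("proposed rules:", login("10.10.10.25", proposed))
```

Under the proposed rules every INSIDE client presents the same address to the web server, so the IP comparison no longer distinguishes one inside client from another.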