Hi, I created a sample network above to describe my situation. Okay, I have a main site in South America and a remote site in Miami, which is connected via IPsec VPN. Both sites are terminated with ASA 5505, and then we have a customer that is connected to the remote site in Miami, and we are connected to the customer through the Miami VPN connection. At the customer site they have quite a few Citrix servers that we access. At the main site we have about 200+ workers accessing these Citrix servers via a single IP address in the web browser, and the applications work just fine. The problem is we deployed a GFI web proxy to save bandwidth, and it works well, but when we open the Citrix applications they are all running through the proxy and then back to the firewall, then to the VPN, and this causes huge problems when we have all workers connected. But how the proxy works, if I try to browse web pages on the local intranet it does not pass through the proxy, so I was wondering whether, if I do a NAT config on the firewall to map an inside IP address to the remote Citrix server web interface, this will prevent the Citrix traffic from passing through the proxy.
So if I understood you correctly, you want to map an IP address located at Miami Customer site to an IP address that's part of the South America Site's local network to bypass the GFI Web Monitor?
If what I described above is the situation then could you please let us know what software you are running on the ASAs? Do you have access to all of the firewall/VPN devices in the picture or is the Miami Customer device under their management only?
I saw someone did a similar config on a Cisco router with NAT where they mapped an unused local IP address to an actual IP address of a server on the internet, and it worked, but I'm not sure if it can be done with ASAs. If not, I'll just take down the proxy for the time.
So if the aim is to NAT the actual destination IP address located at Miami Customer Site to an IP address located at South America Site then I think the configuration should look something like this:
object network SA-LAN
 subnet 192.168.10.0 255.255.255.0
object network SA-DEST-NAT
 host 192.168.10.254
object network SA-DEST-REAL
 host 10.10.10.10
nat (inside,outside) 1 source static SA-LAN SA-LAN destination static SA-DEST-NAT SA-DEST-REAL
The above presumes that the South America Site LAN network is 192.168.10.0/24 and the chosen NAT IP address for the destination is 192.168.10.254 from that network. The Miami Customer Site is presumed to be 10.10.10.0/24 and the actual destination address there to be 10.10.10.10.