I have a need to build a NAT policy to handle bidirectional communications between a host behind my DMZ and an internal host. Once an hour, the host behind my DMZ (220.127.116.11) initializes a connection to an inside device. Likewise, whenever there is activity on my inside device (inside local: 172.31.45.20 / DMZ global: 192.168.10.160) this will provoke a communication to the native IP of the host behind the DMZ (18.104.22.168). All is working fine now, but I have a need to source translate the source.
There is an .INI file on the inside device containing the native IP of the host behind my DMZ, and I need to change this value to 172.31.48.51. However, I can't accomplish this in one day, so I'm trying to figure out a way to facilitate both native and NAT on the source DMZ host. (Note: I have static routes for the native IP back to my DMZ. The NAT IP of 172.31.48.51 is in my routing table.)
I've come up with this configuration and, from the looks of it, testing with a sniffer and packet-tracer this seems to be working. However, I'm being told that data is not arriving at DMZ host 22.214.171.124. Please check the below and tell me if this makes sense.
(Addresses have been changed to protect the innocent)
To handle source translation at PIX-DMZ going to inside interface when session is initiated from the lower level interface.
global (inside) 101 172.31.48.64 netmask 255.255.255.255
This should be (DMZ,inside) since this public IP is behind the DMZ interface.
Let me try to explain my case in verbiage. Our contracted payroll service is behind our DMZ. In this example their payroll time clock poller IP is 126.96.36.199. They hit my DMZ interface and I destination NAT 192.168.10.160 into my inside local IP of 172.31.48.51. The poll interval is every 60 minutes. The poll just checks to see if the time clock is there and online.
From the inside:
When employees punch, the time clock initiates a TCP connection to native IP 188.8.131.52. Each time clock has a .INI file that contains the poller server IP of 184.108.40.206. I have static routes from this inside remote office bringing the src: 172.31.45.20 dst: 220.127.116.11 back to my PIX.
Currently this works fine.
Now I want to masquerade 18.104.22.168 into 172.31.48.51 when the poller initiates from the DMZ, but given that I have a ton of time clocks on the inside, when I ask the payroll service vendor to push a new .INI to the time clocks, the old and new configurations should both work so that I can systematically change the .INI files over the course of a few days.