How do i need connect T1/T2 ports of the WSA for Simplex mode start work? WSA configured with NAT.
Do I need configure on L3SW1:
1) mirror g0/0 ingress traffic to g0/11 and connect T1 port of WSA to g0/11
2) mirror g0/4 ingress traffic to g0/12 and connect T2 port of WSA to g0/12?
L4 Traffic Monitor (L4TM) deployment is independent of the Web Proxy deployment. When connecting and deploying the L4 Traffic Monitor, consider the following:
a) Physical connection. You can choose how to connect the L4 Traffic Monitor to the network.
b) Network address translation (NAT). When configuring the L4 Traffic Monitor, connect it at a point in your network where it can see as much network traffic as possible before getting out of your egress firewall and onto the Internet. It is important that the L4 Traffic Monitor be ‘logically’ connected after the proxy ports and before any device that performs network address translation (NAT) on client IP addresses.
c) L4 Traffic Monitor action setting. The default setting for the L4 Traffic Monitor is monitor only. After setup, if you configure the L4 Traffic Monitor to monitor and block suspicious traffic, ensure that the L4 Traffic Monitor and the Web Proxy are configured on the same network so that all clientsare accessible on routes that are configured for data traffic.
Or I need mirror g0/1 egress traffic to g0/12 and connect T2 port of WSA to g0/12? What about wrote in b) " It is important that the L4 Traffic Monitor be ‘logically’ connected after the proxy ports and before any device that performs network address translation (NAT) on client IP addresses"????
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...