stmd
Programmer
- Aug 19, 2010
- 1
Let me start off by saying that I am somewhat new to the land of Cisco / ASA. I am using 8.3.
Is it possible to translate both the source and destination of a packet going from outside -> dmz?
Here's my quandary:
I have one server with two network interfaces, configured as such:
eth0: 172.16.20.72
eth1: 10.20.20.72
The default gateway is 10.20.20.1.
In the ASA world, my inside interface can access the DMZ on 10.20.20.72 because I added a route for my inside network telling it to route back to eth1. This is grand!
However, traffic from the internet, which is static NATed, arrives on eth1 but obviously attempts to send packets back out on the default route. So, my thought was to translate both the destination (from the real IP address to the private DMZ address) and the source (from a real-world address to a private address range in a pool). This way, I have a known network to route back to eth1.
This seems quite hairy, and surely I must be doing something the hard way or attempting to do something which should not be done.
Any ideas?
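What the post is describing is what ASA 8.3 calls twice NAT (a `nat` statement with both `source` and `destination` clauses), and it is a reasonable fix for a dual-homed server whose default gateway is not the firewall. The configuration below is an added example, not the poster's or Cisco's own config; it uses the two addresses from the post (10.20.20.72 on eth1, default gateway 10.20.20.1) and assumes everything else: the public address 203.0.113.10, an ASA DMZ interface address of 10.20.20.254, a single PAT address 10.20.30.1 that the outside world is hidden behind, and HTTPS as the exposed service. Translating the source to one address rather than a pool means the server needs only a /32 route back to the ASA and the translation can never run out of addresses, at the cost of the server no longer seeing real client IPs (it loses them with a pool too, so keep client addressing in the ASA logs).

```cisco
! --- ASA 8.3 twice NAT: outside -> dmz, translate destination AND source ---
! Assumed addresses: 203.0.113.10 (public), 10.20.30.1 (PAT address seen by
! the server), 10.20.20.254 (ASA dmz interface). Only 10.20.20.72 is from the post.

object network dmz-server
 host 10.20.20.72
 description eth1 of the dual-homed server (real address)

object network dmz-server-public
 host 203.0.113.10
 description public address the internet connects to (mapped)

object network dmz-pat-address
 host 10.20.30.1
 description all internet clients are hidden behind this one address on dmz

! Real interface first, mapped interface second. Source clause: any internet
! client (real) becomes 10.20.30.1 (mapped) as seen from the dmz. Destination
! clause lists the mapped address first, then the real one.
nat (outside,dmz) source dynamic any dmz-pat-address destination static dmz-server-public dmz-server

! 8.3 access lists match on the REAL (untranslated) destination address.
access-list outside_in extended permit tcp any object dmz-server eq 443
access-group outside_in in interface outside

! The interface the ASA uses for the dmz side still needs a security level and address.
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.20.20.254 255.255.255.0

! Verify the rule hits and the egress interface is dmz, not the route table:
!   packet-tracer input outside tcp 198.51.100.5 40000 203.0.113.10 443
!   show nat detail
!   show xlate

! On the Linux server, return traffic to 10.20.30.1 must leave via eth1 toward
! the ASA (assumed ASA dmz address), not via the 10.20.20.1 default gateway:
!   ip route add 10.20.30.1/32 via 10.20.20.254 dev eth1
```

Two things to check before relying on this. First, the server-side route is what actually solves the problem; the NAT only guarantees the return traffic is addressed to something that route covers, so if the route is missing the ASA will still see asymmetric replies and drop the TCP session. Second, because the server now sees every internet client as 10.20.30.1, any host-based access control, rate limiting, or fail2ban-style logic on the server is blind to the real client; keep that logic on the ASA (where `show xlate` and the syslog 302013/302014 build/teardown messages still record the real source) or move the server's default gateway to the firewall and drop the source translation entirely.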