[fw-wiz] ASA NAT makes real address inaccessible?
- From: Neale Banks <neale@xxxxxxxxxxxxxxxx>
- Date: Thu, 6 Jul 2006 20:06:26 +1000 (EST)
Greetings all,
I have an issue with NAT on a Cisco ASA 5520 running ASA software version
7.0(2) and being configured/managed via ASDM...
There are four interfaces relevant to this problem:
    Internet --             -- New-DMZ
               \ _________ /
                |         |
                |   ASA   |
                |_________|
               /           \
    Internal --             -- Old-DMZ
We relocated a WWW proxy (squid on Linux) from the Old-DMZ to the
New-DMZ, and it tested OK from an internal workstation (call it WS-A)
configured with the new proxy address.
In order to smooth the migration, we added a NAT rule on the Internal
interface to translate the proxy's old address to its new address. That
tested OK from an internal workstation (call it WS-B) configured with
the old proxy address.
But... after adding that NAT rule, WS-A (still configured with the new
proxy address) is unable to connect to the proxy - it seems that
configuring the NAT rule has made the real address inaccessible {:-(
I can think of a couple of different workarounds (involving having the
proxy listen on an additional IP address and/or TCP port), but these
seem like unnecessary hacks to work around a hopefully simple problem.
Any suggestions on how to solve this in the ASA config?
Thanks,
Neale.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards