Firewall Wizards mailing list archives
ASA NAT makes real address inaccessible?
From: Neale Banks <neale () lowendale com au>
Date: Thu, 6 Jul 2006 20:06:26 +1000 (EST)
Greetings all,

I have an issue with NAT on a Cisco ASA 5520 running ASA software version 7.0(2) and being configured/managed via ASDM...

There are four interfaces relevant to this problem:

    Internet --             -- New-DMZ
               \ _________ /
                |         |
                |   ASA   |
                |_________|
               /           \
    Internal --             -- Old-DMZ

We relocated a WWW proxy (squid on Linux) from the Old-DMZ to the New-DMZ, and it tested OK from an internal workstation (call it WS-A) configured with the new proxy address.

In order to smooth the migration, we added a NAT rule on the Internal interface to translate the proxy's old address to its new address. That tested OK from an internal workstation (call it WS-B) configured with the old proxy address.

But... after adding that NAT rule, WS-A (still configured with the new proxy address) is unable to connect to the proxy - it seems that configuring the NAT rule has made the real address inaccessible {:-(

I can think of a couple of different workarounds (involving having the proxy listen on an additional IP address and/or TCP port), but these seem like unnecessary hacks to work around a hopefully simple problem.

Any suggestions on how to solve this in the ASA config?

Thanks,
Neale.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards