Hello, just wondering if anyone has done this and might have some tips, please ?
Due to an ftp (sftp) server migration a developer has asked me if:
For outgoing connections, the new server and the old server, say ip's = S1 and S2, can use the same existing public ip that S1 currently uses, say ip = P1. (He doesn't want the external suppliers to have change their firewall rules - he says there are only about 6 external suppliers)
For incoming unsolicited connections, the servers can also share this same ip P1 (using the same port = tcp 22).
The existing server has an existing simple static auto nat such that for both o/g and i/c connections, S1<=>P1.
e.g. (using S1 and P1 for the host ip addresses)
object network obj-S1
host S1 nat (dmz1,outside) static P1
My initial thought was 'no' but out of curiosity I'm wondering if the following would work:
a. Remove the existing nat
b. Add new twice nats so that each external supplier, say X1 to X6 can be migrated in turn such that we'd have as a first step
X1 is routed via P1 to S2
X2 to X6 are routed via P1 to S1 (as existing).
object network obj-S1
object network obj-S2
object network obj-P1
object network obj-X1
host X1 - (might be a range but using single hosts for simplicity)
Managed to get hold of a spare small ASA (5506) and tried this - worked OK. Didn't need to remove the existing object auto NAT as the new manual twice NATs take precedence. We're not translating the external ip but need to match on it. So suppliers can be migrated one by one if needed.
Enable full visibilityCreating first policy setUnderstanding ISE Live Log status
These are few tips that will help you with your first deployment of ISE. For advanced tips, please visit: https://community.cisco.com/t5/security-documents/advanced-i...
This guide helps in troubleshooting the IBM QRadar pxGrid App. It is assumed that the ISE pxGrid App has already been installed in QRadar. The official IBM QRadar pxGrid App How-to Guide can be downloaded from: https://exchange.xforce.ibmcloud.com/...
Join us live on Tuesday, July 16 at 10 am PT to learn how integration and automation are the key to successful security designs. We’ll answer questions about Threat Response and also do a quick demo of our browser plugin and our latest integration wi...
Hello and welcome to the repository for the Monthly Webinar Series put together by our Desert Plains Operation Security Architecture team.
Our sessions are NOT recorded -- however you'll find historical slide decks attached as well as futu...
In June we have had new additions to our growing list of Machine-Learning-powered Confirmed Threat detections provided by the Cognitive Intelligence engine. Thanks to the improvement made to our Machine Learning backend (see Machine Learning Backend Impro...