Static nat policy question - different external destinations
Maybe (hopefully) someone can either help me with or clarify limitations of Cisco ASA static nat policy on FWSM 4.1.4 (in transparent).
I am trying to setup a static policy nat for port forwarding (redirection) and suppose I'm asking too much.
I want traffic coming from sources "a", "b", and "c" to a single public destination (184.108.40.206) on port 443 to go to internal/translated address 220.127.116.11 port 443.
I want traffic coming from sources "d", "e", and "f" to a single public destination (18.104.22.168) on port 443 to go to internal/translated address 22.214.171.124 port 443.
This doesn't seem to be possible on the FWSM since creating the second above static policy after creating the first one results in complaints about the address already being in use by the first policy.
Additionally, and this is the part that has me stumped, when I create the first static nat policy using the ASDM and place a network group (with a,b,c in it) into the "destination" field, the FWSM translates ANY IP address with the rule, not just external a,b,c... What is the point of the "destination" field if the static policy doesn't obey it???
BTW, I've also tried this from the cli by creating an entirely different access list rather than the ootb inside_nat_static, it gave me the same complaint about having duplicate addresses. I've seen something about FWSM not supporting source NAT'ing, not sure if this is exactly that...
Cisco Privacy Survey highlights the emergence of “Privacy Active” consumers. People care about privacy, but to what extent does it guide their consumer behavior and their actions to protect their personal information? In our new Cisco Customer Privac...
Threat Response integrates with Cisco Email Security in one of two ways: Directly from the ESA, or via an SMA. Each has its own module, but either will bring email visibility into your investigations performed in Threat Response.
Via an SMA:
Earlier this year, we released Cisco Identity Services Engine (ISE) 2.6. It delivered a broad new set of features and greater scale - a big stride for both better NAC services that ISE delivers and better Software-Defined Access. Today, we’re thril...
Integrating Cisco Identity Services Engine with Cisco Meraki Systems Manager
Technical Marketing Engineer, Cisco Systems, Inc.
Cisco Meraki Systems Manager is a cloud base endpoint management solu...
Existing customers may download the Cisco Identity Services Engine (ISE) 2.7 which was released on November 18, 2019. For 90-day evaluations of ISE, please see How to Get ISE Evaluation Software & Licenses.