2- Why are you performing 2 different nats for the same purpose, I mean you are already letting the ASA now that if any outside users on the outside contact this ASA for the Ip address of Object-01 (18.104.22.168) the destination should be untranslated to 10.0.0.2 and the source should be translated to the PAT-DMZ ip.
So from my point of view you only need this:
nat (outside,dmz) source dynamic any PAT-DMZ destination static OBJECT-01-out OBJECT-01-in
With that line you are translating both the source and destination on one single line,
Let me know If I understood the question properly
Julio Carvajal Senior Network Security and Core Specialist CCIE #42930, 2xCCNP, JNCIP-SEC
HIDoes anyone know if there is an easier way than the belowQ. I check connection events for IOC's when requested and sometimes i have to check many url's which i am presently doing one url at a time and is very time consuming, is there a way to check mult...
Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. ISE supports external MDM vendor integration to help the customers to look for compliance of a dev...
This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.
This is live on the portal:https://video.cisco.com/video/6159336218001
And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?