This is the current asa config and it not working, I am not good in cisco firewall and my background is a checkpoint. please suggest me can I apply the below config.
Current Config
==============
interface GigabitEthernet1/1
nameif CORP
security-level 50
ip address 10.31.210.76 255.255.255.248 standby 10.31.210.77
interface GigabitEthernet1/3.100
nameif Switchint
security-level 100
ip address 10.38.24.9 255.255.255.248 standby 10.38.24.10
!
access-list Switchint extended permit tcp 10.38.214.8 255.255.255.248 object-group Service_TACACS object-group ACS_Monitoring
access-list Switchint extended permit udp 10.38.214.8 255.255.255.248 object-group Service_TACACS object-group ACS_Monitoring
access-list Switchint extended permit udp 10.38.214.8 255.255.255.248 object-group Service_TFTP object-group HPNA_Monitoring
access-list Switchint extended permit tcp 10.38.214.8 255.255.255.248 object-group Service_Telnet_SSH object-group HPNA_Monitoring
access-list Switchint extended permit tcp 10.38.214.8 255.255.255.248 object-group Service_Telnet_SSH object-group Terminal_Monitoring
!
nat (CORP,Switchint) source static Terminal-Server interface ( this command already exist and I don't understand someone please explain me this line)
route CORP 10.0.0.0 255.0.0.0 10.31.210.73 1
object-group network Terminal-Server
network-object host 10.12.62.57
object-group network Terminal_Monitoring
network-object host 10.12.82.5
network-object host 10.10.17.10
I believe nat exempt is required and it is missing and it should be placed above the present Nat rule. Getting the Nat issue with the packet tracer out, can I add the below nat statement, does this resolve the issue.
object-group network Switch-Server
network-object host 10.38.24.11 255.255.255.248
nat (Switchint,CORP) source static Switch-Server Switch-Server destination dynamic Terminal_Monitoring Terminal_Monitoring no-proxy-arp route-lookup description NoNat
please guide me