how can i config PIX/ASA to append real source ip address to server after nat.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-09-2013 03:59 AM - edited 03-11-2019 06:41 PM
clients in internal , Server located in DMZ
client visit server, server can only see transaled source address
cu want to see real client ip address , how can i config PIX/ASA to achieve this.
traffic is not only http, such as video, and some customer's application.
thank you!
Tom
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-09-2013 05:01 AM
Tom,
You can use NAT 0 accomplish this.
Example:
Internal client: 10.10.10.2
DMZ server: 192.168.1.2
NAT 0:
access-list nat_0 permit ip host 10.10.10.2 host 192.168.1.2
nat (nside) 0 access-list nat_0
The above rules automatically allow users to communicate using the real IP addresses.
Regards,
Juan Lombana
Please rate helpful posts.
