
PIX - HTTP links rewrite

Greetings.

A PIX 515E with software 8.0(4)28 connects the inside and outside networks. There are some servers in "outside" that have addresses overlapping with the internal subnets (192.168.10.25 and 192.168.10.26), and those servers have a reverse route only to a specific subnet (172.16.5.0/24). So - double NAT. Here's the config (it works fine):

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 172.16.5.1

static (outside,inside) 172.19.100.1 192.168.10.25 netmask 255.255.255.255

static (outside,inside) 172.19.100.2 192.168.10.26 netmask 255.255.255.255

route inside 0.0.0.0 0.0.0.0 10.15.0.3 1

route outside 192.168.10.25 255.255.255.255 10.17.3.1 1

route outside 192.168.10.26 255.255.255.255 10.17.3.1 1

(and a route to 172.19.100.2 on the first hop in the inside network).

Now to the problem. 192.168.10.26 is an HTTP server. On its pages it has hyperlinks pointing to http://192.168.10.25; the browser tries to access that server - and, surely, fails, as the target server is only available by sending requests to 172.19.100.1, with the packets being DNAT'ed.

Is it possible to rewrite the packet's body, replacing all occurrences of <a href="http://192.168.10.25 with <a href="172.19.100.1 ? I know it's a kludge, but other options are even worse.

If PIX can't do it - who can? ASA with 8.4 software? IOS router?

2 Replies 2

andrew.prince
Level 10

Use your favorite search engine and search for "DNS Doctoring" and/or "DNS rewrite".

HTH

Not an option - there are no DNS names involved. And I can't change anything at the servers.
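What the body rewrite asked about in the question involves, as an added Python example that is not from either poster and does not describe any PIX, ASA or IOS feature. The address pairs come from the two static lines in the question; the function and constant names are hypothetical, and the code assumes a complete, cleartext, uncompressed HTTP/1.x response.

```python
import re

# Real (outside) address -> address the inside hosts must use, copied from the
# two "static (outside,inside)" lines in the question.
NAT_MAP = {"192.168.10.25": "172.19.100.1", "192.168.10.26": "172.19.100.2"}

# Match a real address only as the host part of an http:// URL; (?!\d) keeps
# 192.168.10.25 from matching inside 192.168.10.250.
HOST_RE = re.compile(
    rb"(http://)(" + b"|".join(re.escape(a.encode()) for a in NAT_MAP) + rb")(?!\d)"
)

def rewrite_response(raw: bytes) -> bytes:
    """Rewrite links in one complete HTTP/1.x response (hypothetical helper)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lower = head.lower()
    # Pass through anything that cannot be edited safely as plain bytes:
    # truncated messages, non-HTML, compressed or chunked bodies.
    if (not sep or b"content-type: text/html" not in lower
            or b"content-encoding:" in lower or b"transfer-encoding:" in lower):
        return raw
    new_body = HOST_RE.sub(
        lambda m: m.group(1) + NAT_MAP[m.group(2).decode()].encode(), body)
    # The two address forms differ in length, so Content-Length must follow.
    head = re.sub(rb"(?im)^(content-length:)[ \t]*\d+",
                  lambda m: m.group(1) + b" " + str(len(new_body)).encode(), head)
    return head + sep + new_body

# Constructed sample response, not captured from the servers in the thread.
SAMPLE_BODY = (b'<a href="http://192.168.10.25/app">app</a>'
               b'<a href="http://192.168.10.250/">other host</a>')
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: "
          + str(len(SAMPLE_BODY)).encode() + b"\r\n\r\n" + SAMPLE_BODY)

if __name__ == "__main__":
    print(rewrite_response(SAMPLE).decode())
```

The Content-Length fix-up is why this has to happen in something that terminates the HTTP exchange and sees the whole response: the mapped address is one byte shorter than the real one, so an in-place edit of individual packets would leave the header and the TCP stream inconsistent.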
