Hi All,
I have a quick question regarding some twice nat configurations.
I need to know if the following twice nat statement is necessary. (Firewall Spring Cleaning)
Example:
I have a destination in my DMZ that is being natted by yet another Firewall. In this example, the second firewall is obj-dmzhost1, the destination behind the second firewall is 192.168.0.1.
My primary Firewall has a route to the 192.168.0.0 network towards the DMZ.
So I have the following rules:
nat (inside,dmz) source dynamic object-group1 obj-patIP1
nat (inside,dmz) source dynamic object-group1 obj-patIP1 destination static obj-dmzhost1 obj-192.168.0.1
If the first statement is for PATing all sources in object-group1 against obj-patIP1 that is on its way to anything in the DMZ, is the second statement really necessary? In testing, I don't see a justification for having it as I can reach 192.168.0.1 without the second statement using the first statement.
Just trying to understand when/where and why to use the entirety of the command, as opposed to just the first version.
Thank you in advance everyone!