Hi, I wonder if someone can help with this? I am trying to set NAT rules on PIX v7.0(2) that will allow a server to have static PAT for inbound TCP port 80 and port 443 on one external IP address, but will allow outbound access using a different external IP address. The reason for this is that a customer uses an external ScanSafe proxy (port 8080) that will only accept connections from two particular external IPs, but the internal server is also a webserver that is accessed on an external IP that is different from the allowed ScanSafe addresses. Apparently the previous Nokia Checkpoint firewall allowed this, but I cannot seem to replicate this on a PIX. I have tried various combinations of static NAT/PAT, policy NAT/PAT, etc., but I always seem to get caught up in the Cisco 'order of NAT commands': http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/nat.htm#wp1042696
The static rules always take precedence, and my outbound connections use the 'wrong' external IP. Any ideas, or is this impossible on a PIX?
BTW - not sure if I made this clear above, but this problem is just with the servers with static PATs that need to access the ScanSafe proxy. All dynamic clients are fine.