port forward/PAT to host behind remote VPN endpoint
OK, here is my situation:
Site A: static IP, Cisco PIX 515 running PIX 8.04
Site B: dynamic IP, running either PIX 501 or 1721 router with security image
EZVPN connection from B to A
I want all internet traffic from Site B to go out Site B's local internet link EXCEPT email, which I want routed through Site A's internet connection. Site A has a single server for Exchange, AD, DNS, etc. I only want email traffic, not all traffic from the server at Site B, to go out Site A's internet connection. Also, I want inbound email designated for Site B to go through Site A's extra static IP (I have the extra static, and I know what needs to be done MX-wise).
Can this be done this way, or do I have to set up another IOS-based device at Site A and use a GRE tunnel?
Basically, also in general, if I want to accept a connection at Site A and forward it to Site B, does this require route maps or GRE? (I.e., if Site B is hosting a web server but wants to piggyback off Site A's static.)
I configured a similar example using http 80, which can help you.
FW1: outside 10.0.0.1/24, inside 192.168.1.0/24
FW2: outside 10.0.0.2/24, inside 192.168.2.0/24
VPN site to site between FW1 and FW2
Connected to FW2 is our HTTP server R2 (which is another router with the HTTP service enabled). Connections to FW1 on HTTP port 80 will be forwarded to R2 through the site-to-site VPN, to finally reach the HTTP server R2. Please see the attached network diagram for a better understanding.
In addition, you may also find attached the configs of each device in case you want to try it yourself.
NAT for the HTTP service on an extra public IP address. Please notice 10.0.0.125 is not configured on any interface; it is not necessary.