[c-nsp] Trouble in an ASA migration from CheckPoint

Marcelo Zilio ziliomarcelo at gmail.com
Sat May 9 09:10:28 EDT 2009


Hi,

Thank you for the feedback.

What I must do is, for example:

200.1.1.1 (internet) ----> ASA (NAT IP 80.1.1.1) ----> 10.1.1.1 (inside)
190.1.1.1 (internet) ----> ASA (NAT IP 80.1.1.1) ----> 10.1.1.2 (inside)

When packets come from 200.1.1.1 towards 80.1.1.1, the ASA should redirect
them to inside IP 10.1.1.1.
When packets come from 190.1.1.1 towards 80.1.1.1, the ASA should redirect
them to inside IP 10.1.1.2.

That is, packets are forwarded to the inside network based on the source
Internet address. There are dozens of servers in this situation.
Don't ask me why; this is the way CheckPoint works today, and I need to
reproduce the same configuration on the ASA. :)

Port redirection is not an option today because there are overlapping ports
in some servers.

Thanks
Marcelo


2009/5/8 Bruce Pinsky <bep at pinskyfamily.org>

> Marcelo Zilio wrote:
> > Hi,
> >
> > I'm working in a migration of a CheckPoint Firewall to an ASA5520. I freeze
> > on a situation that seems ASA cannot "reproduce" CheckPoint configuration.
> > Follow the scenario:
> >
> > - IP Address X on the Internet access IP Address X1 in the Inside network
> > through the X-NAT Address.
> > - IP Address Y on the Internet access IP Address Y1 in the Inside network
> > through the same X-NAT Address.
> >
>
> Can you give us a more concrete example please?  I'm not grok'ing what you
> are trying to accomplish.
>
>
> - --
> =========
> bep
>
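
The source-based redirection described in this message, modelled as a rule table with an ambiguity check that is useful when dozens of such rules are migrated. This is an added example and not part of the original thread; the function names and the third (/24) rule are assumptions constructed for illustration, and the code models the lookup only, not ASA or CheckPoint configuration.

```python
import ipaddress
from itertools import combinations

# Constructed rule table: (source on the Internet, mapped public IP, inside host).
# The first two rules are the ones given in the message; the third is a
# deliberately conflicting rule added here to exercise the check.
RULES = [
    ("200.1.1.1/32", "80.1.1.1", "10.1.1.1"),
    ("190.1.1.1/32", "80.1.1.1", "10.1.1.2"),
    ("190.1.1.0/24", "80.1.1.1", "10.1.1.3"),
]


def parse(rules):
    """Convert string triples into ipaddress objects."""
    return [
        (ipaddress.ip_network(src), ipaddress.ip_address(mapped), ipaddress.ip_address(real))
        for src, mapped, real in rules
    ]


def find_conflicts(rules):
    """Return rule pairs that share a mapped IP and have overlapping
    sources but point at different inside hosts (ambiguous redirect)."""
    conflicts = []
    for a, b in combinations(parse(rules), 2):
        if a[1] == b[1] and a[0].overlaps(b[0]) and a[2] != b[2]:
            conflicts.append((str(a[0]), str(b[0]), str(a[1])))
    return conflicts


def resolve(rules, src, dst):
    """Return every inside host a packet src -> dst could be redirected to.
    A clean table yields exactly one entry; an empty list means no rule
    matches; more than one entry means the table is ambiguous."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = {str(real) for net, mapped, real in parse(rules)
            if mapped == dst_ip and src_ip in net}
    return sorted(hits)


if __name__ == "__main__":
    print("conflicts:", find_conflicts(RULES))
    for source in ("200.1.1.1", "190.1.1.1", "8.8.8.8"):
        print(source, "->", resolve(RULES, source, "80.1.1.1"))
```
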

