Say you want anyconnect users to connect but then get to the internet via your public IP. You'll need the same securitycommands too
Same as your anyconnect pool
object network OBJ-10.50.150.0
subnet 10.50.150.0 255.255.255.0
object network OBJ-10.50.150.0
nat (OUTSIDE,OUTSIDE) dynamic interface
Hair-pin NAT
This is a NAT where I wanted to access a DMZ server on its public IP from the inside LAN
Need to set some objects up first.
nat (INSIDE,DMZ) source static OBJ-10.59.0.0-19 OBJ-10.59.0.0-19 destination static OBJ-SERVER-PUB-IP OBJ-172.59.0.10 no-proxy-arp
Re-write DNS
Simple solution than above
object network DMZ-WEBSERVER
nat (DMZ,OUTSIDE) static 100.190.220.74 dns
Use the created xlate to rewrite DNS record
Simple solution than above
object network DMZ-WEBSERVER
nat (DMZ,OUTSIDE) static 100.190.220.74 dns
Use the created xlate to rewrite DNS record
No comments:
Post a Comment