是的,这个应该是twice NAT,配置的场景一般可能是这样。
举例说明:
内部IP通过WEB服务器映射到ASA Outside的IP访问WEB服务
object network inside-www
host 192.168.100.100
object network public-www
host 202.100.1.1
object service tcp-80
service tcp destination eq www
nat (inside,inside) source static any interface destination static public-www inside-www service tcp-80 tcp-80
//将访问服务器的源IP映射成inside IP,将外部Outside地址映射成实际WEB Server IP;这里是将任意的IP地址映射成interface inside地址,将目的地址映射成inside-www定义的IP(即WEB Server),服务器源端口80映射到目的端口80
注意:因为流量从相同的接口接入,类似于同安全级别的接口之间互访,别忘记了配置:same-security-traffic permit intra-interface
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rps-Cheers | If it solves your problem, please mark as answer. Thanks !