Re: ASA "Hairpin" issue

From: Joshua <joshualixin_at_gmail.com>
Date: Mon, 28 Feb 2011 18:40:26 -0800

Thank you guys very much!

On Mon, Feb 28, 2011 at 5:12 PM, Mark Cairns <m.a.cairns_at_gmail.com> wrote:

> There are always multiple ways of getting to the same goal.
>
> The most common way of doing this (that I have seen) is through DNS
> modification. I assume guests are using a DNS entry to resolve the Citrix
> farm as 1.1.1.2.
>
> If you are pointing the guests to a public DNS server outside the ASA, you
> can modify the response and they can connect directly to the 10.10.32.25
> address, never touching the outside interface.
>
> In that case, you would allow the guest source IP to have TCP 443 access to
> 10.10.32.25 on your router. Do a NAT 0 on the 10.10.10.254 source when going
> to 10.10.32.25.
>
> Check this link and consider adding the DNS keyword to your static
> statement. This is a suggestion, and I don't know your DNS topology to state
> if it will impact anything else. If your DNS is set up this way, any query
> for your Citrix farm would be returned to an inside host as the private IP.
>
>
> http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/cfgnat.html#wp1042753
>
> Just another option to consider.
>
> Mark
> #17755, Security
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Mon Feb 28 2011 - 18:40:26 ART
