
As we moved to another firewall with fewer connectors (PIX 515 -> ASA 5510), I had to prune the network infrastructure a bit, so one of the subnets had to go. Now we've got one piece of hardware that still insists on reaching one of the servers via a hard-coded IP address. It might be a while until I get an update, so I need some tricks to work around that.

Now, as we were waiting for the new firewall, I had a temp Linux server set up, where I could forward any connections originating from one machine to the new address. Somehow I can't manage to do this over the ASDM.

So basically I need the following setup: Treat address old-ip (removed) as new-ip (new address), preferably only on machine rogue-client.

This is on an ASA 5510, IOS 8.2, ADM 6.3.

mhd

1 Answer


You could try doing a policy NAT (sorry, it's been about a year since I've done this, so I'm a little rusty).

Something like the following should get you going:

(config)# access-list rogue_box permit host <old_ip>
(config)# static (<pre-nat_int>,<post-nat_int>) <new_ip> access-list rogue_box
Zypher
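One way to write a policy static NAT for the setup described in the question on pre-8.3 ASA software, as an added example that is not part of the original posts. The interface names `<server_if>` and `<client_if>`, the ACL name and `<port>` are placeholders (assumptions), and the server is assumed to sit behind a different interface than the client.

```cisco
! Added example. <server_if>, <client_if>, <port> and the ACL name are
! placeholders, not values from the original posts.
!
! Pre-8.3 policy static NAT form:
!   static (real_if,mapped_if) mapped_ip access-list ACL_NAME
! In the ACL, the source is the server's real address and the destination
! is the only peer the translation applies to.
access-list redirect_old_ip extended permit ip host <new_ip> host <rogue_client>
!
! Present the server as <old_ip> on the client-facing interface, but only
! for traffic exchanged with <rogue_client>.
static (<server_if>,<client_if>) <old_ip> access-list redirect_old_ip
!
! Verification, run from privileged EXEC mode rather than config mode:
! simulate a packet from the client to the old address and inspect the
! UN-NAT phase, then list the active translations.
packet-tracer input <client_if> tcp <rogue_client> 1025 <old_ip> <port> detailed
show xlate
```

Traffic from the client to `<old_ip>` must still be routed to the ASA for the translation to apply, and the interface access rules are evaluated as usual. Restricting the ACL to a single host keeps the old address unreachable for every other machine.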