So, I have a very interesting network. I have a media server that is on a separate VLAN. There is no way for me to statically configure the client(s) with a static IP (they just search for the server). It uses tcp/32400. Basically, my host will show as coming from a different zone than where my media server is. So, I need to forward any tcp/32400 requests from one zone and forward it to another. For some reason, I keep hitting a wall when creating that (especially considering this is just straight L3 traffic - no NAT involved). Any thoughts?
I should note that, topology-wise:
Internet --- ASA --- L3 Point to Point --- PA
The client is hanging off the ASA and as I said, it's just straight L3 traffic. But, from the PA's standpoint, it would appear as coming from "Untrusted" to "Trusted" - just not with any NATing involved.
Have you tried a Policy Based Forwarding rule for this traffic? Configure it such that all tcp/32400 traffic sourcing from Untrust is forwarded on the media server's interface.
Let me know if that helps.