02-26-2010 09:17 AM
The controllers support 802.1q trunking, however, so you can have a single link service multiple VLANs.
02-26-2010 09:46 AM
02-26-2010 09:53 AM
any host x.x.x.x svc-https dst-nat ip y.y.y.y 443
That rule would NAT x.x.x.x to y.y.y.y for https from any source. You would need one of these per host on the inside and per port/protocol (unless you used any instead of svc-https in the example above). I would recommend NOT allowing all ports/protocols inbound, however.
02-26-2010 02:49 PM
So for example our assigned outside address was X.X.X.162 on the firebox
We have a block of addresses from 163-169.
I assigned 162 to the outside VLAN on the controller, and created a NAT pool called Outside-NAT with 163-169. I then created session policy including all of the correct external-to-internal mappings and applied to my outside port.
Thanks again for assist!