https://community.cisco.com/t5/network-security/nat-question-with-2-firewalls/m-p/696913#M1034118 <HTML><HEAD></HEAD><BODY><P>What's the FWSM config / NAT config for 10-net looks like?</P><P></P><P>Depending on thr config, you may or may not be able to do that. Need to have a look at the FWSM's config first.</P><P></P><P></P><P>HTH</P><P>AK</P></BODY></HTML> Wed, 22 Nov 2006 23:53:56 GMT a.kiprawih 2006-11-22T23:53:56Z https://community.cisco.com/t5/network-security/nat-question-with-2-firewalls/m-p/696912#M1034117 <P>Hi all,</P><P></P><P>We have 2 firewalls in our network. The internal firewall is a FWSM with inside and outside interface and all the NAT is performed on the FWSM. The DMZ exists on the external firewall. DMZ uses all public addresses.</P><P></P><P>I am in the process of putting a VPN concentrator on the DMZ for remote access. The address pool for VPN clients will also be a public IP which is carved out of the DMZ subnet. The VPN clients need to access several 10-net private IP servers and it is not possible to do a static NAT.</P><P></P><P>When clients VPN in, they have to be able to access the 10-net servers. But FWSM NATs all 10-net traffic and so the 10-net does not exist beyond the FWSM.</P><P></P><P>How can I manipulate NAT and routing so that I can access the 10-net servers?</P><P></P><P>Any help would be appreciated.</P> Tue, 26 Mar 2019 00:36:50 GMT https://community.cisco.com/t5/network-security/nat-question-with-2-firewalls/m-p/696912#M1034117 mchockalingam 2019-03-26T00:36:50Z https://community.cisco.com/t5/network-security/nat-question-with-2-firewalls/m-p/696913#M1034118 <HTML><HEAD></HEAD><BODY><P>What's the FWSM config / NAT config for 10-net looks like?</P><P></P><P>Depending on thr config, you may or may not be able to do that. Need to have a look at the FWSM's config first.</P><P></P><P></P><P>HTH</P><P>AK</P></BODY></HTML> Wed, 22 Nov 2006 23:53:56 GMT https://community.cisco.com/t5/network-security/nat-question-with-2-firewalls/m-p/696913#M1034118 a.kiprawih 2006-11-22T23:53:56Z https://community.cisco.com/t5/network-security/nat-question-with-2-firewalls/m-p/696914#M1034119 <HTML><HEAD></HEAD><BODY><P>The current NAT on the FWSM is as follows</P><P></P><P>All 10-net addresses are NATed to public address where some are static NAT, some are dynamic NAT and some are PAT.</P><P></P><P>Dynamic NAT has x.x.216.31 through 250 and</P><P>x.x.217.31 thru 250. All port 80 and 443 traffic from 10-net gets a PAT address of x.x.216.251 or x.x.217.251. We also have x.x.216.252 through 254 for PAT for non-web port traffic.</P><P></P><P>So, here is my NAT config</P><P></P><P>nat (inside) 1 access-list Web_Outbound</P><P>nat (inside) 2 10.0.0.0 255.0.0.0</P><P></P><P>global (outside) 1 x.x.216.251</P><P>global (outside) 1 x.x.217.251</P><P>global (outside) 2 x.x.216.31-x.x.216.250</P><P>global (outside) 2 x.x.217.31-x.x.217.250</P><P>global (outside) 2 x.x.216.252</P><P>global (outside) 2 x.x.216.253</P><P>global (outside) 2 x.x.216.254</P><P></P><P>access-list Web_Outbound permit tcp 10.0.0.0 255.0.0.0 any eq 80</P><P>access-list Web_Outbound permit tcp 10.0.0.0 255.0.0.0 any eq 443</P><P></P></BODY></HTML> Thu, 23 Nov 2006 04:40:26 GMT https://community.cisco.com/t5/network-security/nat-question-with-2-firewalls/m-p/696914#M1034119 mchockalingam 2006-11-23T04:40:26Z