https://community.cisco.com/t5/network-security/static-nat-on-asa-query/m-p/1530314#M607433 <P>Hi,</P><P></P><P>Given the below setting:</P><P></P><P>static (dmz,outside) 33.33.33.1 10.0.0.1 netmask 255.255.255.255</P><P></P><P></P><P>If a packet comes from the inside to destination 33.33.33.1, how will the inspection and traffic flow go?</P><P></P><P>I am thinking that the firewall, upon receipt of the packet from an inside host, will forward the packet to the outside interface.&nbsp; Upon reaching the outside interface, since there is no ACL applied on the outside that will allow inside IP addresses to enter the DMZ zone, the packet get dropped.</P><P></P><P>Is the above analysis correct?</P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 19:05:54 GMT marcusbrutus 2019-03-11T19:05:54Z https://community.cisco.com/t5/network-security/static-nat-on-asa-query/m-p/1530314#M607433 <P>Hi,</P><P></P><P>Given the below setting:</P><P></P><P>static (dmz,outside) 33.33.33.1 10.0.0.1 netmask 255.255.255.255</P><P></P><P></P><P>If a packet comes from the inside to destination 33.33.33.1, how will the inspection and traffic flow go?</P><P></P><P>I am thinking that the firewall, upon receipt of the packet from an inside host, will forward the packet to the outside interface.&nbsp; Upon reaching the outside interface, since there is no ACL applied on the outside that will allow inside IP addresses to enter the DMZ zone, the packet get dropped.</P><P></P><P>Is the above analysis correct?</P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 19:05:54 GMT https://community.cisco.com/t5/network-security/static-nat-on-asa-query/m-p/1530314#M607433 marcusbrutus 2019-03-11T19:05:54Z https://community.cisco.com/t5/network-security/static-nat-on-asa-query/m-p/1530315#M607434 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Mike here I hope you are doing great. Not exactly, You will be able to access that resource only if you run DNS doctoring, Otherwise what you will be doing will be a hairping on the outside interface which is not allowed on the firewall. My suggestion for you if you want to access this host that is on the DMZ with the mapped IP, you can configure something like this</P><P></P><P>static (dmz,inside) 33.33.33.1 10.0.0.1 netmask 255.255.255.255</P><P></P><P>That way you will be able to access that resource with the Mapped IP instead of using the private. Here is a document for reference.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml</A></P><P></P><P>Hope it helps.</P><P></P><P>Mike</P></BODY></HTML> Sat, 06 Nov 2010 05:05:00 GMT https://community.cisco.com/t5/network-security/static-nat-on-asa-query/m-p/1530315#M607434 Maykol Rojas 2010-11-06T05:05:00Z https://community.cisco.com/t5/network-security/static-nat-on-asa-query/m-p/1530316#M607435 <HTML><HEAD></HEAD><BODY><P>Hi Maykol,</P><P></P><P>Thanks for the reply.</P><P></P><P>If i have both configurations running on the firewall, will it work?</P><P></P><P>static (dmz,outside) 33.33.33.1 10.0.0.1 netmask 255.255.255.255</P><P>static (dmz,inside) 33.33.33.1 10.0.0.1 netmask 255.255.255.255</P><P></P><P>Thanks again.</P></BODY></HTML> Sat, 06 Nov 2010 05:55:22 GMT https://community.cisco.com/t5/network-security/static-nat-on-asa-query/m-p/1530316#M607435 marcusbrutus 2010-11-06T05:55:22Z https://community.cisco.com/t5/network-security/static-nat-on-asa-query/m-p/1530317#M607436 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Sure, There will be no problem.</P><P></P><P>Try it out and let us know.</P><P></P><P>Thanks !</P></BODY></HTML> Sat, 06 Nov 2010 19:35:49 GMT https://community.cisco.com/t5/network-security/static-nat-on-asa-query/m-p/1530317#M607436 Maykol Rojas 2010-11-06T19:35:49Z