https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248895#M765098 <P>We have the following zones on our firewall:</P><P></P><P>Inside</P><P>Outside</P><P>DMZ</P><P></P><P>The inside contains a wireless 'guest' network (10.7.20.x/24) if I want to connect to a device in the DMZ (10.7.30.24) USING the mapped outside address 171.145.23.32, how would I do it?</P><P></P><P>I can always connect to it using the real address, but cannot connect using the outside address, is it possible from the inside to do this?</P><P></P><P></P> Mon, 11 Mar 2019 16:26:56 GMT oneirishpollack 2019-03-11T16:26:56Z https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248895#M765098 <P>We have the following zones on our firewall:</P><P></P><P>Inside</P><P>Outside</P><P>DMZ</P><P></P><P>The inside contains a wireless 'guest' network (10.7.20.x/24) if I want to connect to a device in the DMZ (10.7.30.24) USING the mapped outside address 171.145.23.32, how would I do it?</P><P></P><P>I can always connect to it using the real address, but cannot connect using the outside address, is it possible from the inside to do this?</P><P></P><P></P> Mon, 11 Mar 2019 16:26:56 GMT https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248895#M765098 oneirishpollack 2019-03-11T16:26:56Z https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248896#M765100 <HTML><HEAD></HEAD><BODY><P>Yes it's possible but you will lose the ability to connect to it with the real address.</P><P></P><P>static (DMZ,inside) 171.145.23.32 10.7.30.24 netmask 255.255.255.255</P></BODY></HTML> Fri, 16 Oct 2009 17:49:32 GMT https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248896#M765100 acomiskey 2009-10-16T17:49:32Z https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248897#M765101 <HTML><HEAD></HEAD><BODY><P>Alright I added the following entry:</P><P></P><P>static (DMZ,inside) 171.145.23.32 10.7.30.24 netmask 255.255.255.255</P><P></P><P>And now I can connect to the address from the inside. However, my inside clients can no longer connect to the DMZ device directly using it's local address. How do I get the best of both worlds?</P></BODY></HTML> Fri, 16 Oct 2009 18:07:18 GMT https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248897#M765101 oneirishpollack 2009-10-16T18:07:18Z https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248898#M765105 <HTML><HEAD></HEAD><BODY><P>Sorry, I posted a reply before I viewed your post - and you are dead on. </P><P></P><P>So help me figure this out. We have a "guest" network (inside address) that uses external DNS. If I use DNS Rewrite, the "guest" network can connect to the device in the DMZ, because the DNS answer is re-written with the internal address. I cannot however connect to the outside address of the device in the DMZ from the inside. </P><P></P><P>If I add the static entry static: (DMZ,inside) 171.145.23.32 10.7.30.24 netmask 255.255.255.255 , I can no longer connect to the inside address directly, but it does translate it and I can use the outside address. </P><P></P><P>Is there a way that would allow me to use either address (real and mapped) from the inside and connect?</P><P></P><P></P><P></P><P></P><P></P></BODY></HTML> Fri, 16 Oct 2009 18:15:09 GMT https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248898#M765105 oneirishpollack 2009-10-16T18:15:09Z https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248899#M765109 <HTML><HEAD></HEAD><BODY><P>Use policy NAT:</P><P></P><P>access-list foo permit ip host 10.7.30.24 10.7.20.0 255.255.255.0 </P><P></P><P>static (dmz,inside) 171.145.23.32 access-list foo</P><P></P><P>This way, 10.7.20.0/24 will be able to reach 171.145.23.32 but not 10.7.30.24</P><P></P><P>All other hosts on the inside will be able to reach 10.7.30.24 but not 171.145.23.32.</P><P></P><P></P></BODY></HTML> Fri, 16 Oct 2009 20:35:12 GMT https://community.cisco.com/t5/network-security/inside-to-outside-connection/m-p/1248899#M765109 Herbert Baerten 2009-10-16T20:35:12Z