https://community.cisco.com/t5/network-security/global-nat-question/m-p/777985#M977711 <HTML><HEAD></HEAD><BODY><P>I'd think the global (DMZ3) 1 would be matched when packets entering any interface with a nat (interface) 1 command had to egress the DMZ3 interface to reach their destination.</P></BODY></HTML> Thu, 04 Oct 2012 14:59:21 GMT Dhananjeyan Kaneshayogan 2012-10-04T14:59:21Z https://community.cisco.com/t5/network-security/global-nat-question/m-p/777980#M977706 <P>With the below config, since there is no "nat" for DMZ3, what will that interface see as the source address for traffic getting to servers from the outside interface?</P><P></P><P></P><P></P><P>global (outside) 1 interface</P><P>global (DMZ2) 1 interface</P><P>global (DMZ3) 1 interface</P><P>global (DMZ4) 1 interface</P><P>nat (inside) 0 access-list nonat</P><P>nat (inside) 1 0.0.0.0 0.0.0.0 0 0</P><P>nat (DMZ1) 1 0.0.0.0 0.0.0.0 0 0</P><P>nat (DMZ2) 1 192.168.2.0 255.255.255.0 0 0</P><P>nat (DMZ4) 0 access-list nonat2</P><P></P><P></P><P></P><P></P><P>ip address outside 6.2.1.130 255.255.255.224</P><P>ip address inside 10.1.1.1 255.255.255.0</P><P>ip address DMZ1 192.168.1.1 255.255.255.0</P><P>ip address DMZ2 192.168.2.1 255.255.255.0</P><P>ip address DMZ3 192.168.3.1 255.255.255.0</P><P>ip address DMZ4 192.168.4.1 255.255.255.0</P><P></P><P></P> Mon, 11 Mar 2019 10:34:49 GMT https://community.cisco.com/t5/network-security/global-nat-question/m-p/777980#M977706 wilson_1234_2 2019-03-11T10:34:49Z https://community.cisco.com/t5/network-security/global-nat-question/m-p/777981#M977707 <HTML><HEAD></HEAD><BODY><P>Wilson, I don't see a nat 0 for DMZ3? Nevermind, I misunderstood your question. There needs to be some translation for the traffic to go from DMZ3 to outside.</P></BODY></HTML> Mon, 25 Jun 2007 17:55:46 GMT https://community.cisco.com/t5/network-security/global-nat-question/m-p/777981#M977707 acomiskey 2007-06-25T17:55:46Z https://community.cisco.com/t5/network-security/global-nat-question/m-p/777982#M977708 <HTML><HEAD></HEAD><BODY><P>Hi Wilson,</P><P></P><P>Assuming that you have statics in place for servers on DMZ3 as --</P><P></P><P>static (DMZ3,outside) X Y</P><P></P><P>and outside host a.a.a.a is trying to access X, when packet reaches Y (given that ACL on outside interface is permitting access), Y will see the packet coming from a.a.a.a.</P><P></P><P>This is because there is no "outside" nat configured which would nat packets coming from outside interface.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P>Vibhor.</P></BODY></HTML> Mon, 25 Jun 2007 19:16:01 GMT https://community.cisco.com/t5/network-security/global-nat-question/m-p/777982#M977708 vitripat 2007-06-25T19:16:01Z https://community.cisco.com/t5/network-security/global-nat-question/m-p/777983#M977709 <HTML><HEAD></HEAD><BODY><P>Thanks for the input,</P><P></P><P>So, is the "1" in:</P><P></P><P>global (DMZ3) 1 interface</P><P></P><P>doing anything since there is no "nat" statement?</P></BODY></HTML> Mon, 25 Jun 2007 19:40:21 GMT https://community.cisco.com/t5/network-security/global-nat-question/m-p/777983#M977709 wilson_1234_2 2007-06-25T19:40:21Z https://community.cisco.com/t5/network-security/global-nat-question/m-p/777984#M977710 <HTML><HEAD></HEAD><BODY><P>More than that, the whole statement isn't doing anything because of no nat, not just the 1.</P></BODY></HTML> Mon, 25 Jun 2007 20:23:54 GMT https://community.cisco.com/t5/network-security/global-nat-question/m-p/777984#M977710 acomiskey 2007-06-25T20:23:54Z https://community.cisco.com/t5/network-security/global-nat-question/m-p/777985#M977711 <HTML><HEAD></HEAD><BODY><P>I'd think the global (DMZ3) 1 would be matched when packets entering any interface with a nat (interface) 1 command had to egress the DMZ3 interface to reach their destination.</P></BODY></HTML> Thu, 04 Oct 2012 14:59:21 GMT https://community.cisco.com/t5/network-security/global-nat-question/m-p/777985#M977711 Dhananjeyan Kaneshayogan 2012-10-04T14:59:21Z