Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
3
Replies

Static NAT inside to dmz

Alex Zmaczynski
Level 1
Level 1

‎10-17-2011 07:22 AM - edited ‎03-11-2019 02:38 PM

Hi:

I have a question about using static NAT.

I want to allow hosts on the inside interface to be able to access hosts in the dmz using their real dmz IP addresses.

inside: 10.0.0.1/21

security level 100

dmz: 172.31.0.1/21

security level 25

The following command worked:

static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.248.-

However, why didn't this command work?

static (dmz,inside) 172.31.0.0 172.31.0.0 netmask 255.255.248.0

Just curious.

Thanks,

Tony

Labels:
0 Helpful
3 Replies 3

varrao
Level 10
Level 10

‎10-17-2011 08:19 AM

Hi Tony,

Going from Higher security interface to lower security interface, you essentially need a source nat, therefore first one is needed, if you do not have nat-control enabled, then you woudl just need the first statements and not second.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Alex Zmaczynski
Level 1
Level 1
In response to varrao

‎10-17-2011 08:39 AM

Thank you, Varun.

I thought it probably had something to do with the security level.

Thanks,

Tony

0 Helpful

varrao
Level 10
Level 10
In response to Alex Zmaczynski

‎10-17-2011 09:50 AM

No issues, let me know if you have any other concerns.

Varun

Thanks,
Varun Rao
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card