access issue

bmarms
Level 1

I have two DMZ segments. The primary DMZ segment contains web servers and is NAT'd to external IP addresses. The secondary DMZ is a guest network and is NAT'd to a global pool with an address in the same public scheme as my web servers. The users in the secondary DMZ receive their DNS info from an external DNS server which resolves my web servers to their public IP addresses. I cannot access my web servers via their public IP addresses from my second DMZ segment. It looks something like this (addresses are fictional):

DMZ1, web server 192.168.0.1 natted to 1.1.1.1, DNS record www.mysite.com

DMZ2 client 192.168.2.1 natted globally to 1.1.1.10

Attempt to access www.mysite.com from DMZ2 client fails.

Any ideas?

1 Reply

Kureli Sankar
Cisco Employee

If the DNS request also goes through this firewall, then with DNS inspection you can enable the "dns" keyword on the static line and accomplish what you want to achieve.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml

Otherwise you need something called a D-NAT.

static (dmz1,dmz2) 1.1.1.1 192.168.0.1

If dmz2 interface sees a packet destined to 1.1.1.1 it will change the dest. ip to 192.168.0.1 and send it to the dmz1 interface.

-KS
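The two options from the reply side by side, as an added configuration example that is not from the poster or from Cisco's documentation. It assumes pre-8.3 ASA NAT syntax (the form the reply uses), interface names dmz1, dmz2 and outside, a /32 mask for the web server, and the original post's fictional addresses.

```cisco
! Existing dynamic NAT for the guest DMZ (from the question): 192.168.2.0/24 -> 1.1.1.10
nat (dmz2) 1 192.168.2.0 255.255.255.0
global (outside) 1 1.1.1.10

! Option 1: DNS doctoring. The "dns" keyword makes the ASA rewrite the A record
! 1.1.1.1 -> 192.168.0.1 in DNS replies that cross the firewall toward dmz2,
! so the guest client connects directly to the real address.
! Only works if the DNS reply actually passes through this ASA.
static (dmz1,outside) 1.1.1.1 192.168.0.1 netmask 255.255.255.255 dns

! DNS doctoring requires DNS inspection to be active on the traffic.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
service-policy global_policy global

! Option 2: destination NAT between the two DMZ interfaces (the reply's "D-NAT").
! A packet arriving on dmz2 for 1.1.1.1 has its destination untranslated to
! 192.168.0.1 and is forwarded out dmz1, regardless of what DNS returned.
static (dmz1,dmz2) 1.1.1.1 192.168.0.1 netmask 255.255.255.255
```

Whichever option is used, interface security levels and any access-list applied to dmz2 still decide whether the guest segment is permitted to reach the web server at all; a static translation only makes the address reachable, it does not grant access.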
