05-20-2008 01:35 AM - edited 03-11-2019 05:47 AM
I don't know if this is possible, would appreciate any insight.
I have a host on my perimeter interface (DMZ) Natted to outside with a public IP address. I want to access this host on the DMZ using its Natted public IP address (on the outside interface). So far i have no success.
Thanks in advance.
Jon
Solved! Go to Solution.
05-20-2008 11:00 PM
NP - it got me thinking, could not let it go, had to test it ;o)
Good question - sadly no, the PIX/ASA does not use that logic, the syntax is correct:-
static (dmz,inside) x.x.x.x y.y.y.y 255.255.255.0
x.x.x.x - external IP
y.y.y.y - dmz ip
05-20-2008 02:24 AM
Jon,
Are you trying to access the DMZ host using the outside IP from the inside?
05-20-2008 02:28 AM
Yes, im trying to access the dmz host via its natted ip on the outside (public IP).
05-20-2008 02:54 AM
I stand corrected - but as far as I am aware this is not possible.
Going from the inside - to the outside, back into the outside into the DMZ. From the DMZ to the outside, back into the outside into the inside.....does this cover it?
I just cannot see how that is possible - or even why you would want to do it?
05-20-2008 03:11 AM
However with the above, it had peaked my interest - I have just been in the lab and found a way to do it:-
static (dmz,inside) xx.xx.xx.xx ii.ii.ii.ii netmask 255.255.255.255
Where xx.xx.xx.xx is the EXTERNAL address and ii.ii.ii.ii is the address on the DMZ
HTH.
05-20-2008 04:47 PM
Hi Andrew,
Glad that you get out of your way to test this on your lab.
One question though, isn't it the syntax for static goes this way:
Static (high_security_int,low_security_int) low_ip high_ip netmask 255.255.255.255 ???
Where INSIDE is always the highest security interface, etc. So just wondering if the command syntax is right.
Will have to test this as well.
05-20-2008 11:00 PM
NP - it got me thinking, could not let it go, had to test it ;o)
Good question - sadly no, the PIX/ASA does not use that logic, the syntax is correct:-
static (dmz,inside) x.x.x.x y.y.y.y 255.255.255.0
x.x.x.x - external IP
y.y.y.y - dmz ip
05-21-2008 12:46 AM
It does work! Thanks so much! Im rating your response.
05-21-2008 12:50 AM
Excellent - no problem - thanks very much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide