Solved: There is also IOS Firewall.

louis0001 · ‎05-23-2016

Hi,

I have an OUTSIDE interface (goes to another private network 10.1.1.254/24)

On the INSIDE interface (192.168.200.0/24) we have various servers. These are statically natted to a different ip eg 10.1.1.1 > 192.168.200.1, 10.1.1.2 > 192.168.200.10 etc

There is no dynamic nat from the INSIDE to the OUTSIDE or no global nat set.

I now need to add a DMZ (172.31.1.1/24) with dynamic NAT to the OUTSIDE. Will this break the static nat's (on the INSIDE interface) already in place?

Philip D'Ath · ‎05-24-2016

There is also IOS Firewall.

You can add a dynamic NAT for just the DMZ to the outside interface without breaking the existing static NAT (assuming the IP addresses don't overlap anywhere).

View solution in original post

Philip D'Ath · ‎05-23-2016

It would help if you could at least say what kind of device you have. Cisco 800 series running IOS, Cisco ASA 5505 running 8.4(7), etc.

Could you post your current NAT configuration?

louis0001 · ‎05-23-2016

Sorry, Because I posted in firewalling I assumed it would be an ASA. It's an ASA 5510 running 8.2

Philip D'Ath · ‎05-24-2016

There is also IOS Firewall.

You can add a dynamic NAT for just the DMZ to the outside interface without breaking the existing static NAT (assuming the IP addresses don't overlap anywhere).

Another NAT question.....