12-22-2010 09:41 AM - edited 03-11-2019 12:26 PM
Hi ,
Is the following a workable config on FWSM or on ASA?
static (DMZ,DMZ) 10.10.10.111 192.168.26.111 netmask 255.255.255.255
Thank you
Sri
Solved! Go to Solution.
12-22-2010 10:17 AM
static NAT should be
static (dmz,dmz) 192.168.26.111 10.10.10.111
you also need "same-security-traffic permit intra-interface"
On server 10.10.10.111, you need to make sure the return traffic will be sent to ASA instead of Rou-1.
12-22-2010 10:17 AM
static NAT should be
static (dmz,dmz) 192.168.26.111 10.10.10.111
you also need "same-security-traffic permit intra-interface"
On server 10.10.10.111, you need to make sure the return traffic will be sent to ASA instead of Rou-1.
12-22-2010 11:00 AM
Thank you Youdong,
I also need to initiate traffic form BOTH of the servers.
Would this need any additional considerations? Both directions have
1/ smae static map
and also
2/ differeing static IP address maps
Sri
12-22-2010 11:21 AM
But per my testing, it works in both directions. Both sides can initiate the traffic since you are using static NAT.
Beside what I mentioned in the last post, you need make sure you have route added in your ASA correctly.
For example, you need add a route on ASA to route traffic destinate to 192.168.26.111 to 10.10.10.111.
You might need to add "permit ip host 10.10.10.111 host 172.24.24.111" on the ACL applied to dmz interface as well.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide