07-30-2020 06:18 AM
Hello. I've done a search for a problem such as mine but haven' been successful.
I have three interfaces, Inside, Outside, and DMZ. I have already setup Inside to Outside and Inside to DMZ nat and ACLS. I however cannot get Outside to DMZ working correctly. How do I have the DMZ Web server (80 and 443) IP be translated to the Outside interface IP? My interface configurations are shown below;
Outside IP: 200.200.200.2/24 next hope 200.200.200.1
DMZ: 172.16.1.253/24
Whenever I try to use the Outside IP in a nat statement, I get the error that the address overlaps with the Outside address.
07-30-2020 11:58 AM
07-31-2020 07:06 AM
As I could not use the OUTSIDE address, I decided to use another (200.200.200.10). This is what seemed to work;
object network WEBSERVER
host 172.16.1.253
object network WEBSERVER
nat (DMZ,OUTSIDE) static 200.200.200.10
access-list OUT-TO-DMZ extended permit tcp any host 172.16.1.253 eq www
However, accessing the address from a web-term appliance still times out. See the packet-tracer output in the attached file.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide