01-24-2011 01:54 PM - edited 03-11-2019 12:39 PM
I need to NAT the DMZ VLAN to a non-interface IP for internet access.
I was thinking of doing a static command:
static (DMZ,outside) 192.168.1.1 1.2.3.4 255.255.255.255
Or do I need to do a global NAT?
global (DMZ) 2 <external IP>
nat (DMZ) 0 access-list NoVPN_NAT
nat (DMZ) 2 192.168.1.0 255.255.255.0
01-24-2011 02:10 PM
Hi,
If you want to NAT a host or network to allow internet access, you can use dynamic NAT (nat/global).
Static NAT is usually used to allow inbound access, like when you want to make a web server publicly available.
Hope it helps.
Federico.
01-24-2011 02:11 PM
If the outside needs to initiate traffic to the DMZ host, you need to use static NAT.
Otherwise, the following should work:
global (OUTSIDE_Interface_name) 2
nat (DMZ) 0 access-list NoVPN_NAT
nat (DMZ) 2 192.168.1.0 255.255.255.0
01-24-2011 05:31 PM
Thanks, I was pretty sure I was close, but didn't feel like testing on a production unit.
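The difference between the question's config and the accepted one is where the `global` pool lives: a `nat (DMZ) 2` rule only translates traffic leaving through an interface that has a `global` with the same ID. The following is an added example, not code from any poster in this thread, that checks a pre-8.3 ASA config for that pairing offline; the interface name `outside` and the address 203.0.113.10 are constructed placeholders.

```python
import re

# Matches pre-8.3 ASA lines:  nat (<real_if>) <id> ...  /  global (<mapped_if>) <id> ...
RULE = re.compile(r"^\s*(nat|global)\s+\((\S+?)\)\s+(\d+)\b", re.I)

def audit_nat_pairs(config):
    """Return findings for nat rules that have no usable global pool."""
    nats, pools = [], []
    for line in config.splitlines():
        m = RULE.match(line)
        if not m:
            continue
        kind, iface, nat_id = m.group(1).lower(), m.group(2).lower(), int(m.group(3))
        (nats if kind == "nat" else pools).append((iface, nat_id))
    findings = []
    for iface, nat_id in nats:
        if nat_id == 0:
            continue  # nat 0 is NAT exemption; it never pairs with a global
        # A pool only helps if it sits on a different (egress) interface.
        if not any(p_id == nat_id and p_if != iface for p_if, p_id in pools):
            findings.append(
                f"nat ({iface}) {nat_id}: no 'global' with ID {nat_id} on another interface"
            )
    return findings

# Constructed sample: the layout from the question (pool placed on the DMZ itself).
QUESTION_CONFIG = """
global (DMZ) 2 203.0.113.10
nat (DMZ) 0 access-list NoVPN_NAT
nat (DMZ) 2 192.168.1.0 255.255.255.0
"""

# Constructed sample: the layout from the reply (pool on the outside interface).
ANSWER_CONFIG = """
global (outside) 2 203.0.113.10
nat (DMZ) 0 access-list NoVPN_NAT
nat (DMZ) 2 192.168.1.0 255.255.255.0
"""

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(name, audit_nat_pairs(cfg) or "OK")
```

Running a check like this against a saved copy of the running config is a way to validate the pairing without touching a production unit.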