01-09-2007 02:22 PM - edited 03-11-2019 02:17 AM
I have a 515 running 6.3.3 with a DMZ. I am having some problems understanding the natting for the DMZ. Basically I have an internal network (10.0.0.0/8), DMZ (172.18.5.0/24), and outside (0.0.0.0/0).
I would like a DMZ server to be able to address the internal server with the 10.0.0.0 address without a nat. Basically I would like the DMZ to know the real addresses of the inside, and the inside to know about the real addresses of the outside. I would also still be needing to keep the dmz servers statically natted to the outside of course. Am I missing something, or do I just need two nat 0 statements? After that I should just be able to create ACLs for lower security interfaces to get to higher...
I am still getting the no translation messages...
01-09-2007 06:17 PM
I think it should be something like the following.
static (inside,dmz) 172.18.5.0 172.18.5.0 netmask 255.255.255.0
01-09-2007 08:22 PM
Use the static command to translate the dmz and inside addresses to themselves. Leave your static for the dmz to outside.
static (internal-interface, external) global-ip local-ip netmask MASK
static (dmz, inside) 172.18.5.0 172.18.5.0 netmask 255.255.255.0
static (inside, dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
Thanks,
Chad
Please rate if this helps!
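For the ACL step mentioned in the original question, an added example (not posted by anyone in this thread) of the inside-to-dmz identity static together with a dmz ACL in PIX 6.3 syntax. The ACL name dmz_in, the hosts 172.18.5.10 and 10.1.1.20, and port 1433 are constructed for illustration; lines starting with ! are annotations, not commands.

```cisco
! Identity static: inside hosts are reachable from the dmz at their real 10.x addresses
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

! Too broad (shown commented out): any dmz host to any inside host, any protocol
! access-list dmz_in permit ip 172.18.5.0 255.255.255.0 10.0.0.0 255.0.0.0

! Narrower: one dmz server to one inside server on one port (constructed values)
access-list dmz_in permit tcp host 172.18.5.10 host 10.1.1.20 eq 1433

! Block every other dmz-to-inside flow explicitly
access-list dmz_in deny ip any 10.0.0.0 255.0.0.0

! Once an ACL is bound to the dmz interface, its implicit deny also covers
! dmz-to-outside traffic, so permit that here if the servers need it
access-list dmz_in permit ip 172.18.5.0 255.255.255.0 any

! Bind the ACL to traffic entering the dmz interface
access-group dmz_in in interface dmz
```

With the identity static in place the whole 10.0.0.0/8 range is addressable from the dmz, so the ACL is the only thing limiting what a dmz server can reach on the inside.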