Basic natting (or no natting) question

thurgoodj187
Level 1

I have a 515 running 6.3.3 with a DMZ. I am having some problems understanding the natting for the DMZ. Basically I have an internal network (10.0.0.0/8), DMZ (172.18.5.0/24), and outside (0.0.0.0/0).

I would like a DMZ server to be able to address the internal server with the 10.0.0.0 address without a nat. Basically I would like the DMZ to know the real addresses of the inside, and the inside to know about the real addresses of the outside. I would also still be needing to keep the dmz servers statically natted to the outside of course. Am I missing something, or do I just need two nat 0 statements? After that I should just be able to create ACLs for lower security interfaces to get to higher...

I am still getting the no translation messages...

2 Replies

froggy3132000
Level 3

I think it should be something like the following.

static (inside,dmz) 172.18.5.0 172.18.5.0 netmask 255.255.255.0

cpembleton
Level 4

Use the static command to translate the dmz and inside address to itself. Leave your static for the dmz to outside.

static (internal-interface, external) global-ip local-ip netmask MASK

static (dmz, inside) 172.18.5.0 172.18.5.0 netmask 255.255.255.0

static (inside, dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

Thanks,

Chad

Please rate if this helps!
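
Added example (not part of the original thread and not Cisco tooling): a small Python check of which `static` statement, if any, covers a connection from a lower-security interface to an address behind a higher-security one. It returns `None` when no static covers the flow, the situation the question describes as "no translation" messages. The sample configuration, the 203.0.113.0/24 range and the function names are constructed for illustration, and the model covers only network `static` lines, not `nat 0` or ACLs.

```python
import ipaddress
import re

# PIX 6.x form: static (real_if,mapped_if) mapped_ip real_ip netmask MASK
STATIC_RE = re.compile(
    r"^static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)\s*$")

def parse_statics(config):
    """Return one dict per static line: interfaces plus mapped/real networks."""
    rules = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        real_if, mapped_if, mapped_ip, real_ip, mask = m.groups()
        rules.append({
            "real_if": real_if, "mapped_if": mapped_if,
            "mapped": ipaddress.ip_network(f"{mapped_ip}/{mask}"),
            "real": ipaddress.ip_network(f"{real_ip}/{mask}"),
        })
    return rules

def find_translation(rules, from_if, to_if, dst_ip):
    """Find the static that lets a host on from_if reach dst_ip behind to_if.

    Returns (rule, real_destination) or None when no static covers the flow.
    """
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r["real_if"] == to_if and r["mapped_if"] == from_if and dst in r["mapped"]:
            offset = int(dst) - int(r["mapped"].network_address)
            return r, str(r["real"].network_address + offset)
    return None

def is_identity(rule):
    """True when the static maps a network to itself (no address change)."""
    return rule["mapped"] == rule["real"]

# Constructed sample: the identity static for the inside network from the
# thread, plus a hypothetical DMZ-to-outside static on a documentation range.
SAMPLE = """
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
static (dmz,outside) 203.0.113.0 172.18.5.0 netmask 255.255.255.0
"""
```

A matching static only establishes the translation; as the question notes, traffic from the lower-security interface still needs an ACL permit, which is where access should be narrowed to the specific hosts and ports required.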
