05-20-2012 06:22 AM - edited 03-11-2019 04:09 PM
Dear all,
I am facing an issue which needs your valuable support.
As per the attached diagram, remote users are getting IP address 192.168.2.x, internal IP = 192.168.1.x, DMZ IP = 172.16.1.x, and the 10.0.0.x network is accessed via a router connected on the DMZ over which I don't have control.
My issue is that remote users want to access the 10.0.0.x network but they can't; at the same time they can access the DMZ and internal network.
I have tried no NAT as below and I removed the first line of the ACL as well, but the result is the same.
access-list 160 permit ip 10.0.0.0 255.0.0.0 192.168.2.0 255.255.255.0
access-list 160 permit ip 172.16.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (dmz) 0 access-list 160
I wish to try NATing 192.168.2.x traffic using a DMZ IP address when packets are destined to 10.0.0.x.
Can someone suggest how to proceed?
05-20-2012 02:44 PM
Hi,
You need to look at a dynamic policy NAT and NATing the VPN users to either the DMZ interface or an address within the DMZ range which is dedicated to that purpose.
05-20-2012 03:25 PM
Hello,
You could do a:
nat (outside) 1 192.168.2.0 255.255.255.0 outside
global (dmz) 1 172.16.1.x
Can you do a packet-tracer and show us the result of that? This will lead us to a NAT issue or something else.
The No_Nat configuration is perfect.
Regards,
Julio
DO rate all the helpful posts
05-21-2012 07:08 AM
05-26-2012 07:18 AM
Hi all,
As jcarvaja suggested, I have tried the NAT config but no luck.
Please provide me a solution.
05-26-2012 02:30 PM
Hello,
Here is what I want you to do now:
access-list test permit ip 192.168.2.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (outside) 10 access-list test outside
global (dmz) 10 interface
Regards,
Let me know the result.
Rate all the helpful posts
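A quick way to see which flows each ACL quoted in this thread actually selects, including the different masks used for 10.0.0.0 in ACL 160 (255.0.0.0) and ACL test (255.255.255.0). This is an added example, not code from any poster or from Cisco; the function names are hypothetical, the sample flows are constructed, and only the "permit ip network mask network mask" form seen above is parsed.

```python
import ipaddress
import re

# ACL entries copied from the thread ("permit ip src mask dst mask" form).
ACLS = """\
access-list 160 permit ip 10.0.0.0 255.0.0.0 192.168.2.0 255.255.255.0
access-list 160 permit ip 172.16.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list test permit ip 192.168.2.0 255.255.255.0 10.0.0.0 255.255.255.0
"""

ACE = re.compile(r"^access-list (\S+) (permit|deny) ip (\S+) (\S+) (\S+) (\S+)$")

def parse_acls(text):
    """Return {acl_name: [(action, src_net, dst_net), ...]} in configured order."""
    acls = {}
    for line in text.splitlines():
        m = ACE.match(line.strip())
        if not m:
            continue  # only the network/mask form used in the thread is handled
        name, action, src, smask, dst, dmask = m.groups()
        entry = (action,
                 ipaddress.ip_network(f"{src}/{smask}"),
                 ipaddress.ip_network(f"{dst}/{dmask}"))
        acls.setdefault(name, []).append(entry)
    return acls

def matches(acls, name, src, dst):
    """First-match evaluation: True if the flow hits a permit entry, else False."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acls.get(name, []):
        if s in src_net and d in dst_net:
            return action == "permit"
    return False  # implicit deny: the flow is not selected by this ACL

def report(acls, flows):
    """Map each (src, dst) flow to the sorted list of ACL names that select it."""
    return {f: sorted(n for n in acls if matches(acls, n, *f)) for f in flows}

if __name__ == "__main__":
    acls = parse_acls(ACLS)
    # Constructed sample flows: a VPN pool host to the routed network and back.
    flows = [("192.168.2.10", "10.0.0.5"), ("192.168.2.10", "10.1.2.3"),
             ("10.1.2.3", "192.168.2.10"), ("172.16.1.20", "192.168.2.10")]
    for flow, hit in report(acls, flows).items():
        print(f"{flow[0]:>13} -> {flow[1]:<13} selected by: {hit or 'none'}")
```

A VPN host sending to 10.1.2.3 is selected by neither ACL, while the return direction is selected by ACL 160, so the two masks are worth reconciling against the real addressing behind the DMZ router.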