I am facing an issue which needs your valuable support.
As per the attached diagram, remote users are getting IP address 192.168.2.x, internal IP = 192.168.1.x, DMZ IP = 172.16.1.x, and the 10.0.0.x network is accessed via a router connected on the DMZ over which I don't have control.
My issue is that remote users want to access the 10.0.0.x network but they can't; at the same time they can access the DMZ and internal network.
I have tried no NAT as below, and I removed the first line of the ACL as well, but the result is the same:
access-list 160 permit ip 10.0.0.0 255.0.0.0 192.168.2.0 255.255.255.0
access-list 160 permit ip 172.16.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (dmz) 0 access-list 160
I wish to try NATing 192.168.2.x traffic using a DMZ IP address when packets are destined to 10.0.0.x.
Can someone suggest how to proceed?
You need to look at a dynamic policy NAT, NATing the VPN users to either the DMZ interface or an address within the DMZ range which is dedicated to that purpose.
You could do:
nat (outside) 1 192.168.2.0 255.255.255.0 outside
global (dmz) 1 172.16.1.x
Can you run a packet-tracer and show us the result? This will tell us whether it is a NAT issue or something else.
The No_Nat configuration is perfect.
Do rate all the helpful posts
Here is what I want you to do now:
access-list test permit ip 192.168.2.0 255.255.255.0 10.0.0.0 255.255.255.0
nat (outside) 10 access-list test outside
global (dmz) 10 interface
Let me know the result.
Rate all the helpful posts
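One way to check the policy NAT from the last reply, using the packet-tracer step an earlier reply asked for. This is an added example, not from any poster in the thread; the host addresses 192.168.2.10 and 10.0.0.10 are constructed, and the commands assume the pre-8.3 ASA NAT syntax used above.

```cisco
! Added example. 192.168.2.10 (VPN pool host) and 10.0.0.10 (far-side host)
! are constructed addresses; substitute real ones.

! 1. Confirm the policy NAT pair from the thread is in the running config.
show running-config access-list test
show running-config nat
show running-config global

! 2. Simulate an ICMP echo request (type 8, code 0) from a VPN pool address
!    to the far network. In the output, look at the NAT phase for a match on
!    access-list test and at the final result line (allow or drop, and the
!    drop reason if any).
packet-tracer input outside icmp 192.168.2.10 8 0 10.0.0.10 detailed

! 3. A simulated packet is not a real tunneled packet, so confirm with live
!    traffic: ping 10.0.0.10 from a connected VPN client, then check that the
!    ACL hit count increases and that a translation to the dmz address exists.
show access-list test
show xlate

! 4. If an older translation is still in use after changing NAT rules,
!    clear it and retest. This drops existing connections through the ASA.
clear xlate
```

With `global (dmz) 10 interface`, every VPN user appears to the 10.0.0.x network as the ASA's DMZ interface address, so per-user attribution for that traffic has to come from the ASA's own logs.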