dmz to outside working but what if outside to outside

Sheraz.Salim · ‎09-21-2016

DMZ-ATM web page can access from internet to its pubic ip address. but for underground_wlan what rules i need to apply please any help will be highly appreciated.

interface GigabitEthernet0/2.1
vlan 9
nameif UNDERGROUND_WLAN
security-level 0
ip address 192.168.26.1 255.255.254.0

object network wireless_underground_wlan
subnet 192.168.26.0 255.255.254.0
nat (underground,outside) source dynamic wireless_underground_wlan interface

interface GigabitEthernet0/1.14
description DMZ-ATM
vlan 19

nameif DMZ-ATM
security-level 1
ip address 172.78.79.129 255.255.255.240

object network sweet_pie
host 172.78.79.131
nat (DMZ-19,outside) static 8.8.8.8
access-list DMZ-19_IN extended permit icmp host 172.78.79.131 any echo-reply
access-list DMZ-19_IN extended permit ip any host 172.78.79.131

access-group DMZ-19_IN in interface DMZ-19

interface gig 1/0

nameif outside

security-level 0

ip address 2.3.4.5 255.255.255.0

same-security-traffice permit inter-interface

access-group outside_access_in in interface outside

please do not forget to rate.

Aditya Ganjoo · ‎09-21-2016

Hi,

You need the same rule for underground_wlan as well, just change the outside interface to the underground one :

nat (dmz,underground) source static <real ip> <mapped IP>

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Sheraz.Salim · ‎09-21-2016

Thank you for the reply,

just to confirm the syntax

object network testiing

host 172.78.79.131

nat (DMZ-19,underground) static underground_wireless

access-list DMZ-19_IN extended permit icmp host 172.78.79.131 any echo-reply
access-list DMZ-19_IN extended permit ip any host 172.78.79.131

access-group underground in interface underground_wlan

or

i have to follow

nat (DMZ-19,underground) source static <real ip> 172.78.79.131 <mapped ip> Public ip address

please do not forget to rate.