I'm looking for clear guidelines, as the Cisco command ref, config guides, etc. do not cover all the combinations of options for established from low to high and high to low security interface, NAT (inside/outside), Identity NAT, Outside keep same IP addresses, use of Statics, DNS doctoring, etc.
Are there some guidelines on the Internet or that someone has written and can share?
For example, is this use of static correct to enable establishing a session from 192.168.0.11 on a low security dmz to a higher dmz address 10.20.2.2 without NAT translation?
ip address dmzlow 192.168.0.254 255.255.255.0
ip address dmzhigh 192.168.6.1 255.255.255.252
route 10.20.2.0 255.255.255.240 192.168.6.2 1
access-list acl_dmzlow permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0
access-group dmzlow in interface dmzlow
static (dmzlow,dmzhigh) 10.20.2.0 10.20.2.0 netmask 255.255.255.240 0 0
Thanks
Mick