
NAT. Access to DMZ host from inside to both its public and private address

darren.frowen
Level 1

Hi,

We have a unique requirement, I think. We require that inside hosts can access a host on the DMZ via both its public address and its private address.

So if the real DMZ address is, let's say, 10.1.1.1 and its public address is 1.1.1.1, we need any host on the inside to be able to communicate with both its public and private address.

We have tried this: we published the public address to the inside and that works fine; inside hosts can ping the public address. We then created a NAT exempt rule to its real address; this does not work, however, and we get the following error.

no Translation group found for icmp.

Can this be technically done or are we completely off the track here?

Regards

Darren


rvarelac
Level 7

Hi,

As far as I know, it is possible and very common to use NAT exceptions for that purpose.

Can you please check the following link and compare with your config:

https://supportforums.cisco.com/document/44566/asa-83-nat-exemption-example-basic-l2l-vpn-and-basic-ra-vpn

Also check the release notes of the software version you're running and see if it's supported.

I hope this helps.

Regards,

 
