03-21-2018 04:34 AM - edited 02-21-2020 07:32 AM
Hello Guys
I have E-commerce server on the DMZ, needs to talk to DB server on inside
E-commerce = 172.16.1.100 on DMZ
DB = 192.168.1.100 on inside
is the below correct
object network E-Commerce
host 172.16.1.100
object network E-Commerce-Translated
host 17.16.1.100
nat (dmz,inside) static E-Commerce-Translated
access-list inside_acl permit tcp host 192.168.1.100 host 172.16.1.100 eq 81
access-group inside_acl in interface inside
thanks all
Solved! Go to Solution.
03-22-2018 12:50 AM
03-21-2018 06:11 AM
03-21-2018 10:01 AM - edited 03-21-2018 10:06 AM
Hello Florin
thanks for ur time to answer my Thread
pls allow me to ask couple of questions
1)so in cisco ASA code 9.x , NAT isn't required for access from DMZ to inside as lower security interface try to access high security interface ????
2) when do i need such below NAT , I Mean when do we need to translate DMZ hosts to inside hosts:
nat (dmz,inside) static E-Commerce-Translated
thanks
03-22-2018 12:50 AM
03-22-2018 02:06 AM
Hi,
NAT Control is out of everything. No more mandatory NAT config on ASA for a very long time now.
Thanks,
Octavian
03-23-2018 03:09 AM
Thanks Florin
kindly keep ur eyes on my future posts
thanks all
03-23-2018 06:38 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide