Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1121
Views
0
Helpful
1
Replies

Nat from Outside (VPN POOL) to DMZ

mlowery
Level 1
Level 1

‎11-23-2006 12:44 AM - edited ‎03-11-2019 01:59 AM

I have a situation where I need to nat from our VPN Pool to a specific address on a dmz interface and use PAT to the DMZ interface IP.

Here is what I came up with, but does not work:

ip local pool vpnpool 192.168.200.5-192.168.200.250 mask 255.255.255.0

access-list vpnnatdmz permit ip 192.168.200.0 255.255.255.0 host 192.168.90.1

access-list nonatdmz permit ip host 192.168.90.2 192.168.200.0 255.255.255.0

access-list nonatdmz permit ip host 192.168.90.3 192.168.200.0 255.255.255.0

nat (dmz) 0 access-list nonatdmz

nat (outside) 5 access-list vpnnatdmz outside

global (dmz) 5 interface

So that when a vpn client accesses 192.168.90.1 on the dmz interface, it should be translated to the IP of the dmz interface.

I get the following error when I try to access that ip through the vpn client:

No translation group found for tcp src outside:192.168.200.6/2953 dst dmz:192.168.90.1/80

Any suggestion on how to do this would be great. I have this scenario working from the inside interface to the DMZ, but cannot get it to work from the outside to the DMZ.

Thanks,

Michael

Labels:
0 Helpful
1 Reply 1

zubairjalal
Level 1
Level 1

‎11-23-2006 02:54 AM

if i am not wrong the following statement is wrong--

nat (outside) 5 access-list vpnnatdmz outside

There should be no " outside" mentioned at the end of the nat statement.

It should only be

nat (outside) 5 access-list vpnnatdmz

--Pls rate if useful--

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card