nating for dmz to inside

mitang.prajapati · ‎07-16-2009

hello,

i want to know about natting applying from dmz to intranet for security leve is 50 and 90 respectively.

now how i can do natting of this condition.

Collin Clark · ‎07-16-2009

The easiest way is to NAT the entire subnet to the destination network (kinda makes it look like routing).

static (inside,dmz) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

The inside network is 192.168.5.0.

Hope that helps.

mitang.prajapati · ‎07-16-2009

ok this is good

but tell me i have to redirect port also.

Collin Clark · ‎07-16-2009

You can redirect a port with a more specific NAT.

static (inside,dmz) tcp 192.168.5.15 80 192.168.5.15 8080 netmask 255.255.255.255

This would translate port 80 to port 8080.

mitang.prajapati · ‎07-16-2009

yes this is very helpful now tell me now i have this same scenario which u tell me .

but i want natting from dmz to outside and dmz to intranet zone for same application and port is like 8080 to 80

so what i give to nating so my application can run

i give the both natting but its not working.

static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 255.255.255.255

static (dmz,intranet) tcp 10.10.10.10 8080 192.168.1.2 255.255.255.255

now tell me what more i give command ?

Collin Clark · ‎07-17-2009

You should have got errors when entering those commands.

static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 80 255.255.255.255

I don't understand the intranet to DMZ. If you're going from intranet to DMZ, you don't need a static because of the security level of the interfaces.

hussain.ratlami · ‎07-21-2009

i think your Nat entries should be like this:-

static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 80 netmask 255.255.255.255

static (dmz,intranet) tcp 10.10.10.10 8080 192.168.1.2 80 netmask 255.255.255.255