cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

353
Views
0
Helpful
3
Replies
Alex Zmaczynski
Beginner

Static NAT inside to dmz

Hi:

I have a question about using static NAT.

I want to allow hosts on the inside interface to be able to access hosts in the dmz using their real dmz IP addresses.

inside: 10.0.0.1/21

security level 100

dmz: 172.31.0.1/21

security level 25

The following command worked:

static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.248.-

However, why didn't this command work?

static (dmz,inside) 172.31.0.0 172.31.0.0 netmask 255.255.248.0

Just curious.

Thanks,

Tony

3 REPLIES 3
varrao
Advocate

Hi Tony,

Going from Higher security interface to lower security interface, you essentially need a source nat, therefore first one is needed, if you do not have nat-control enabled, then you woudl just need the first statements and not second.

Thanks,

Varun

Thanks,
Varun Rao

Thank you, Varun.

I thought it probably had something to do with the security level.

Thanks,

Tony

No issues, let me know if you have any other concerns.

Varun

Thanks,
Varun Rao
Create
Recognize Your Peers
Content for Community-Ad