Confused on Nat 0 command syntax.

Randall White
Level 3

Hi All,

I'm a bit confused on the syntax of the Nat 0 command. This was written by PDM, and I suspect it didn't do exactly what I wanted. My config has these lines:

global (outside) 1 interface

nat (inside) 0 access-list nat0_acl

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

nat (DMZ) 0 access-list nat0_acl

1. Does "nat (inside) 0" prevent translation (of the ACL addresses) to both the DMZ and Outside interfaces? Or just the Outside? I want the DMZ to see the native addresses from the inside.

2. Will "nat (DMZ) 0" prevent translation of DMZ addresses to the outside? Or inside, or both? I want all DMZ addresses to be Natted (sp?) to the outside, but not inside.

TIA, Randy

1 Reply

pcomeaux
Cisco Employee

Here are my thoughts:

1) Yes, if the ACL is written correctly for addresses intended to be reached on the outside and on the dmz without the inside address being translated.

2) Again, it depends on how the ACL is written. With your current statements, the DMZ will not be NAT'd as traffic from the DMZ flows to the OUTSIDE.

You would need a nat (dmz) 1 0.0.0.0 0.0.0.0 0 0 type of statement to make this happen. This would tie the dmz to the outside global statement.

If you can send a sample of your ACL, we can take a look.

Hope this helps,

peter
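
The layout discussed in this thread, written out as an added example that is not part of the original posts: the subnets (inside 10.1.1.0/24, DMZ 192.168.100.0/24) are constructed for illustration, and the ACL entry is an assumption because the poster's nat0_acl was never shown. It shows how the destination field of the ACL decides which interface the nat 0 exemption applies to, and how a nat (DMZ) 1 statement ties the DMZ to the existing outside global.

```cisco
: Constructed addressing (assumption, not from the thread):
:   inside = 10.1.1.0/24, DMZ = 192.168.100.0/24

: Exempt inside hosts from translation only when the destination is the DMZ.
: The destination half of this entry is what keeps the exemption off the
: outside interface.
access-list nat0_acl permit ip 10.1.1.0 255.255.255.0 192.168.100.0 255.255.255.0

: NAT exemption is checked before the regular nat/global pairs.
nat (inside) 0 access-list nat0_acl

: All other inside traffic falls through to NAT ID 1 and is PAT'd to the
: outside interface address.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

: DMZ hosts join NAT ID 1 as well, so they share the outside global.
nat (DMZ) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

: "nat (DMZ) 0 access-list nat0_acl" from the question is left out: the ACL
: above has the inside network as its source, so it would match no traffic
: arriving on the DMZ interface.

: Contrast (weak form): with "any" as the destination, inside hosts are
: exempted toward every interface and would reach the outside with their
: native addresses.
:   access-list nat0_acl permit ip 10.1.1.0 255.255.255.0 any
```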