DMZ servers to be accessed on PUBLIC IP from inside network

parthibanp
Level 1

Hi

I am working in a datacenter setup where I need to access my DMZ servers in the 10.1.14.0 subnet from an inside network like 10.1.8.0. When I call the DMZ servers with the public IP I am not able to reach them, whereas when I call with the real IP I am reaching all the DMZ servers.

I have tried the alias command for a test case to map the public IP to my DMZ real IPs and found things working fine, i.e. I am able to reach my DMZ servers with the public IP,

but unfortunately, as I am using ASDM and ASDM does not support the alias command, I now have to use the outside NAT or bidirectional NAT feature for this functionality.

Can anyone help me out with how to configure destination NAT, that is, when I access the DMZ servers from the inside network with the public IP it should get NATted to the private IP, and I should also be able to reach these DMZ servers with their real private IP?

Thanks in advance

Regards

The alias command that I tried is:

alias (inside) 10.1.14.25 210.212.x.x netmask 255.255.255.255

5 Replies

Fernando_Meza
Level 7

You could try from the command line:

1.- nat (dmz,inside) 10.1.14.25 210.212.x.x netmask 255.255.255.255

oops ..

I meant to say

static (dmz,inside) 10.1.14.25 210.212.x.x netmask 255.255.255.255

No, it doesn't work. If I add this line I lose even my private IP access, that is 10.1.14.25.

What is outside NAT or bidirectional NAT, and how do you configure it? Please reply if you have come across it.

thanks in advance

regards

Parthiban

Basically, outside NAT is applied to traffic from lower security interfaces (i.e. outside) to higher security interfaces (i.e. inside).

Static (dmz,inside) 10.10.10.10 203.203.203.203 netmask 255.255.255.255

indicates that the host 203.203.203.203, which is located on the DMZ segment (lower security), appears as 10.10.10.10 to the inside segment (higher security).

I suggest you have a look at this link, which gives a great explanation of the different types of NAT.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml#topic12
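Added example, not part of any post in this thread: a small Python model of the `static (real_ifc,mapped_ifc) mapped_ip real_ip` argument order explained in the reply above, applied to the command the original poster tested. All function names are hypothetical, 203.0.113.25 is a constructed stand-in for the elided 210.212.x.x, and only destination rewriting is modelled (no ACLs, routing or nat-control).

```python
import ipaddress
import re

# Pre-8.3 PIX/ASA form used in this thread:
#   static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"^static\s+\((\w+),(\w+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)$", re.I)


def parse_static(line):
    """Split a static statement into interfaces and mapped/real networks."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a static statement: {line!r}")
    real_if, mapped_if, mapped_ip, real_ip, mask = m.groups()
    return {
        "real_if": real_if.lower(),
        "mapped_if": mapped_if.lower(),
        "mapped": ipaddress.ip_network(f"{mapped_ip}/{mask}"),
        "real": ipaddress.ip_network(f"{real_ip}/{mask}"),
    }


def untranslate(rule, ingress_if, dst):
    """Address a packet is forwarded to when it arrives on ingress_if for dst."""
    dst = ipaddress.ip_address(dst)
    # Only packets entering on the mapped interface and addressed to the
    # mapped address are rewritten to the real address.
    if ingress_if == rule["mapped_if"] and dst in rule["mapped"]:
        offset = int(dst) - int(rule["mapped"].network_address)
        return str(rule["real"].network_address + offset)
    return str(dst)


PUBLIC = "203.0.113.25"  # constructed placeholder for 210.212.x.x
REAL = "10.1.14.25"      # DMZ server's real address, from the thread
MASK = "255.255.255.255"

# Argument order as posted: 10.1.14.25 is declared the *mapped* address.
as_posted = parse_static(f"static (dmz,inside) {REAL} {PUBLIC} netmask {MASK}")
# Same statement with mapped/real swapped: public is mapped, private is real.
swapped = parse_static(f"static (dmz,inside) {PUBLIC} {REAL} netmask {MASK}")


def compare():
    """Forwarding destination for inside clients under each statement."""
    return {(name, dst): untranslate(rule, "inside", dst)
            for name, rule in (("as_posted", as_posted), ("swapped", swapped))
            for dst in (PUBLIC, REAL)}
```

With the order as posted, inside traffic addressed to 10.1.14.25 is rewritten toward the public address, which matches the loss of private-IP access reported in the next reply; with the two addresses swapped, traffic to the public address is rewritten to 10.1.14.25.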

jaoua
Level 1

I suppose that the translation command would instead be like this:

static (inside,dmz) 10.1.14.25 210.212.x.x netmask 255.255.255.255

Ensure that you put an ACL on the inside interface permitting traffic from DMZ to INSIDE:

Access-list MyACL permit host 210.212.x.x 10.1.8.0 255.255.255.0

access-group MyACL in interface inside

Maybe it could work. Please tell me if it works. For me it's a real exercise as I'm preparing for the SNPA exam. Good luck.