06-23-2003 07:17 AM - edited 03-09-2019 03:46 AM
I have a 10.x.x.x network on the inside interface (100). I have a semi-rogue network being hooked up to ethernet6 (90), which is going to be 10.y.y.y. I would like the 10.y.y.y network to be able to see all the servers on the inside with the original 10.x.x.x addresses. Is this possible? If so, how?
06-23-2003 11:40 AM
Yup.
You probably have a nat 1 statement for all traffic from that interface. What you want to add is a nat 0 access-list statement that selectively excludes traffic from NAT. If 1.2.3.0/24 was the netblock used on e6, then this is basically what you would want to do:
access-list 106 permit ip 10.x.x.x 255.0.0.0 1.2.3.0 255.255.255.0
nat (inside) 0 access-list 106
This would stop 10.0.0.0/8 from NATting traffic only when the destination is 1.2.3.0/24.
06-23-2003 02:53 PM
Yes,
Just create a static statement using the same IP for the low-sec and high-sec interfaces:
static (inside,dmz) 10.x.x.x 10.x.x.x netmask 255.0.0.0
access-list ondmz permit ip 10.y.y.y 255.0.0.0 10.x.x.x 255.0.0.0
access-group ondmz in interface dmz
I wrote it roughly; check the syntax to be sure.
Ben
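A scope check for the ACL lines in the replies above, as an added example that is not part of the original posts: under a 255.0.0.0 mask, any two 10.* addresses normalise to the same 10.0.0.0/8, so the rule's source and destination collapse into one block. The addresses 10.10.0.0 and 10.20.0.0 are constructed stand-ins for the thread's 10.x.x.x and 10.y.y.y, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample lines: same rule shape as in the thread, concrete addresses assumed.
BROAD = "access-list ondmz permit ip 10.20.0.0 255.0.0.0 10.10.0.0 255.0.0.0"
SCOPED = "access-list ondmz permit ip 10.20.0.0 255.255.0.0 10.10.0.0 255.255.0.0"


def parse_pix_acl(line):
    """Parse 'access-list <id> permit ip <src> <mask> <dst> <mask>' (netmask form)."""
    tok = line.split()
    if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL line: {line!r}")
    # strict=False drops host bits, which is how the mask is applied when matching.
    src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
    dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}", strict=False)
    return src, dst


def review_acl(line):
    """Return a list of scope findings for one permit-ip ACL line."""
    src, dst = parse_pix_acl(line)
    findings = []
    if src.overlaps(dst):
        findings.append(f"source {src} and destination {dst} overlap")
    for label, net in (("source", src), ("destination", dst)):
        if net.prefixlen <= 8:
            findings.append(f"{label} {net} covers {net.num_addresses} addresses")
    return findings


if __name__ == "__main__":
    for acl in (BROAD, SCOPED):
        print(acl)
        for finding in review_acl(acl) or ["no scope findings"]:
            print("  -", finding)
```
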