nat

Tahir Sultanov
Level 1

Hello,

Just want to understand this syntax. How come NATing from outside to outside, and outside to DMZ?

nat (outside,DMZ1) source static any any destination static obj-server1 FW11_NAT unidirectional

nat (outside,outside) source static DM_INLINE_NETWORK_34 DM_INLINE_NETWORK_34 destination static DM_INLINE_NETWORK_90 DM_INLINE_NETWORK_90 no-proxy-arp route-lookup

Accepted Solution

Dinesh Moudgil
Cisco Employee

Hello Tahir,

The first nat statement is used to allow any source user (from outside) to get translated to itself (nat exemption) while the destination (on dmz) is translated from obj-server1 to FW11_NAT.


The second nat statement is a nat exemption statement to allow the traffic from DM_INLINE_NETWORK_34 (coming on outside interface) to get self-translated to itself while the destination DM_INLINE_NETWORK_90 (also on outside interface) is self-translated as well.

The second nat is used when you wish to allow the traffic from one VPN tunnel peer to communicate to another VPN tunnel peer OR allowing traffic from SSL VPN user to communicate to another VPN tunnel peer/SSL VPN user.

Hope this helps.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
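As an added illustration (not code from the thread or from Cisco), the following Python parses the two twice-NAT lines quoted in the question and prints the reading the accepted answer gives: identity (exempt) source, static destination rewrite, same-interface hairpin, and what the trailing keywords mean. It assumes only the `source static|dynamic ... [destination static ...] [options]` forms shown above; `service` clauses and auto-NAT (object) syntax are out of scope and raise an error.

```python
import re
from collections import namedtuple
# Matches the twice-NAT forms quoted in the thread ('service' clauses are not handled).
NAT_RE = re.compile(
    r"^nat \((?P<ingress>[^,]+),(?P<egress>[^)]+)\) "
    r"source (?:static|dynamic) (?P<sreal>\S+) (?P<smapped>\S+)"
    r"(?: destination static (?P<dreal>\S+) (?P<dmapped>\S+))?"
    r"(?P<opts>(?: \S+)*)$")
TwiceNat = namedtuple("TwiceNat", "ingress egress src_real src_mapped dst_real dst_mapped options")

def parse_nat(line):
    m = NAT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported nat syntax: {line!r}")
    return TwiceNat(m["ingress"], m["egress"], m["sreal"], m["smapped"],
                    m["dreal"], m["dmapped"], tuple(m["opts"].split()))

def is_identity_source(r):
    return r.src_real == r.src_mapped  # real == mapped: identity NAT (NAT exemption)
def is_hairpin(r):
    return r.ingress == r.egress  # enters and leaves on the same interface

OPTION_NOTES = {
    "unidirectional": "only connections initiated from the ingress side match",
    "no-proxy-arp": "ASA will not proxy-ARP for the mapped addresses",
    "route-lookup": "egress interface picked by the routing table, not the NAT rule"}

def describe(r):
    # Plain-English reading of one statement, as the accepted answer explains it.
    src = "kept as-is (NAT exemption)" if is_identity_source(r) else f"translated to {r.src_mapped}"
    parts = [f"{r.ingress}->{r.egress}", f"source {r.src_real} {src}"]
    if r.dst_real is None:
        parts.append("destination untouched")
    elif r.dst_real == r.dst_mapped:
        parts.append(f"destination {r.dst_real} kept as-is")
    else:
        parts.append(f"destination {r.dst_real} rewritten to {r.dst_mapped}")
    if is_hairpin(r):
        parts.append("hairpin on one interface (e.g. VPN peer to VPN peer)")
    parts += [OPTION_NOTES.get(o, f"unknown option {o}") for o in r.options]
    return "; ".join(parts)

# The two statements from the question, copied from the thread.
RULES = [
    "nat (outside,DMZ1) source static any any destination static obj-server1 FW11_NAT unidirectional",
    "nat (outside,outside) source static DM_INLINE_NETWORK_34 DM_INLINE_NETWORK_34 "
    "destination static DM_INLINE_NETWORK_90 DM_INLINE_NETWORK_90 no-proxy-arp route-lookup"]
if __name__ == "__main__":
    print("\n".join(describe(parse_nat(rule)) for rule in RULES))
```

Running it over a full `show run nat` dump (one line per rule) is a quick way to spot every identity rule and every same-interface hairpin during a NAT audit.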