08-24-2004 09:14 AM - edited 03-09-2019 08:34 AM
First off, thanks to all for your help (Especially Patrick). The DMZ questions I posted earlier have been resolved. However, I have a new question now...
I need out web box (DMZ) to communicate with our MS Exchange box (inside LAN). Would I go about doing this with a static statement or and access-list?
Also, we need use Terminal Services to access the web box in the DMZ as well. Would this work best with a static statement to the webox?
For example
static (inside,dmz) 172.16.23.50 192.168.1.10 netmask 255.255.255.255 0 0
08-24-2004 01:59 PM
Nevermind, I got it!
static (dmz,inside) LAN host, dmz host
08-24-2004 06:33 PM
There are a couple of options here:
You can use the static command 2 ways here. You can use the IP address of the dmz host in both places (LAN host and dmz host) which will turn off NAT for the IP address and allow it to be mapped directly into the inside.
You can also use an IP address in the Internal IP space if you want to hide the true IP address of the dmz host.
Without an access-list statement, the static statement does no good if you want to initiate from the DMZ. You need to specify which ports to allow to the inside. Note this is only for the direction of NAT-->Inside. Inside shouldn't have a problem communicating back (or starting communication) since the static statement turns off NAT.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide