Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
323
Views
0
Helpful
2
Replies

Unclear on destination NAT

rdassow
Level 1
Level 1

‎06-24-2003 05:09 AM - edited ‎03-09-2019 03:47 AM

I fully understand the alias command, and I have been using it. However I want to use PDM and the alias command is not supported. I've read the document on Destination NAT but I'm still not sure how to convert my alias statments to static statements.

I have a web server on the dmz that I want to be accessed from the inside as it's global IP address (it's actual address is 192.168.50.50)

My alias statement looks like this:

alias (inside) 216.170.X.X 192.168.50.60 255.255.255.255

This works fine (although it is annoying that once this statement is in place, I can *ONLY* access it via its global IP and NOT able to access it via its 192.168.50.60 address as I can when the alias statement is not in place)

Can anyone help me understand how to accomplish the same thing with destination NAT static statement since alias command is being retired??

ryan

Labels:
0 Helpful
2 Replies 2

msitzman
Cisco Employee
Cisco Employee

‎06-24-2003 12:46 PM

Hello there,

The static statement that would replace your alias statement is as follows:

static (intf2, inside) 216.170.x.x 192.168.50.60 netmask 255.255.255.255

This says, hide the host on the dmz from the inside using the global address 216.170.x.x.

So if you have a clear xlate and initiate a connection the dmz host from the inside, you should see a translation built from the inside host going to the dmz, even if it is using it's own address. The you should see a translation for the dmz host from the global to the dmz real address. Once both translations get built, the connection will be built as an outbound conection.

Hope this helps,

Marcus

0 Helpful

aboelhouwers
Level 1
Level 1
In response to msitzman

‎08-06-2003 04:13 AM

Dear Marcus,

I don't understand your static command because Cisco Configurtion Documentation says that the first parameter in the static statement must be a high security level interface. The second parameter a low security level interface.

Regards

Aad

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents