
problems with NAT in DMZ

Christian6
Level 1

Dear all,

I'm trying to set up a secure network for hosting a web application. I'm using 2 Cisco 1841 routers for setting up a DMZ.

I have successfully created a NAT from the WebServer (192.168.1.2) to the Internet (209.165.200.227) and a NAT from AdministratorPC (192.168.10.2, VLAN 10) to the internet, using NAT overloading.

For the above to work, I've set interface fa0/0 on DMZRouter (the one to the internet, 209.165.200.0/24) to 'nat outside'.

Interface fa0/1 on DMZRouter (to the webserver, 192.168.1.0/29) and interface s0/0/0 on DMZRouter (to OfficeRouter) are set to 'nat inside'.

What I'm missing now is a NAT from DatabaseServer to the 192.168.1.0/29 network. But to create this NAT we must set interface fa0/1 on DMZRouter (to the WebServer, 192.168.1.0/29) to 'nat outside', but that is not possible because it should also be 'nat inside' (for the above NATs to work).

Is there any way to solve this?

Thanks in advance,

Christian

packettracer.png

1 Reply

dominic.caron
Level 5

Why are you trying to NAT from the DMZ to the inside network? There is no security benefit to doing that and it will make troubleshooting more difficult.