Hi, I'm facing the issue of not being able to access the "dmz" interface from behind the "internet" interface. Here is a brief portrayal of the topology: Input access list on the "internet" allows required traffic to 1xx.xxx.172.1. No nat is configured bet...
You got it correctly, except port mapping. You should read the nat rule by the following:
nat (real_ifc,mapped_ifc) static interface service {tcp | udp} real_port mapped_port
that is:
real_ifc = Inside
mapped_ifc = Outside
real_port = 8080 (behind real_ifc...
Remove them. Where from do you want to grant the access? Since the sec level of the DMZ and Inside is the same, and same security inter interface traffic is permitted, hosts from behind these interfaces must have access to each other. In order to network...
Yes Jouni, you are right! No need to delete # object-group network PAT-SOURCE, # nat (Inside,Outside) after-auto source dynamic PAT-SOURCE interface, and to create an object for each network. Just to add networks behind the LAN router into the PAT-SOURCE...