05-15-2008 10:20 AM
Hi Experts,
I have two interfaces, dmz (security level 90) and wan (security level 60). I have two NAT exemption rules:
nat (dmz) 0 0.0.0.0 0.0.0.0
nat (wan) 0 0.0.0.0 0.0.0.0
I have one other static NAT rule:
static(dmz,wan) 10.10.10.10 10.10.10.10
When I try to remove this NAT rule, I lose connectivity from wan.
After adding the same static rule again, I get connectivity from wan to dmz.
Please revert with a proper solution to exempt NAT.
Thanks in advance.
Amit
05-16-2008 02:17 AM
Amit,
A better way of doing what you are trying to achieve is policy-based NAT, something like:
nat (dmz) 0 access-list DMZ_WAN
access-list DMZ_WAN extended permit ip <
What hardware are you running? What version of code are you running?
HTH.
05-18-2008 06:04 PM
Is nat-control enabled?
05-18-2008 10:47 PM
Yes, nat-control is enabled.
05-20-2008 07:01 PM
I believe if you do a no nat-control then you won't need any NAT statements, because you are trying to push traffic from DMZ to wan, which is a lower security level, and with nat-control not enabled that traffic will not get NAT'd anyway.
05-20-2008 08:21 PM
Thanks for your reply.
Now I have got another major solution that is not documented on the Cisco site; I am taking confirmation from Cisco for the same changes.
Now I am closing this conversation.