Access DMZ server from inside with public and private ip

Unanswered Question
Apr 26th, 2007
User Badges:
  • Green, 3000 points or more

I would like to access a dmz server with both public and private ip's from the inside. I can access private with


static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.255


and I can access by public with destination NAT


static (dmz,inside) 64.1.1.1 172.16.1.1 netmask 255.255.255.255


but I can't put them in at the same time or I get "no translation group found" when trying private ip. Any advice, I guess this isn't possible? ASA 7.2.1

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
oabduo983 Thu, 04/26/2007 - 11:28
User Badges:
  • Bronze, 100 points or more

Hi,


Can you post the ip addresses on each interface? what do you mean by public IP? ip on the outside or ip on the dmz?


Regards,

acomiskey Thu, 04/26/2007 - 11:35
User Badges:
  • Green, 3000 points or more

Public meaning it's external address, 64.x.x.x. You can see the subnets by looking at the statics I posted but


inside - 192.168.1.x

dmz - 172.16.x.x

outside - 64.x.x.x


Dmz server private ip is 172.16.1.1.

Dmz server public ip is 64.1.1.1.


From inside I want to access dmz server by http://172.16.1.1 AND http://64.1.1.1.

Wizzle Fri, 04/27/2007 - 07:44
User Badges:

Look at this...static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.255.

I hope 192.168.1.0 isn't a network address or maybe you mean netmask 255.255.255.0.


acomiskey Fri, 04/27/2007 - 07:53
User Badges:
  • Green, 3000 points or more

That statement is correct and is very common. It allows the subnet 192.168.1.0 to communicate with the dmz.

Actions

This Discussion