NAT public IP to IP inside DMZ

Unanswered Question
Jun 21st, 2007
User Badges:

I am trying to NAT an outside IP address to an address in the DMZ and allow only port 80 to that ip address in the dmz.


I'm not that familiar with DMZ configuration, what would the configuration for that look like?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
acomiskey Thu, 06/21/2007 - 09:56
User Badges:
  • Green, 3000 points or more

pix ip address outside = 1.1.1.1

pix ip address dmz = 192.168.200.1

webserver = 192.168.200.10

webserver outside ip = 1.1.1.2


static (dmz,outside) 1.1.1.2 192.168.200.10 netmask 255.255.255.255

access-list outside permit tcp any host 1.1.1.2 eq 80

access-group outside in interface outside



or if you're using 1.1.1.1 to access webserver you could have this...


static (dmz,outside) interface 192.168.200.10 netmask 255.255.255.255


or port translate like this...


static (dmz,outside) tcp interface 80 192.168.200.10 80 netmask 255.255.255.255

Actions

This Discussion