Firewall Tricky Scenario- Help Needed

Sep 4th, 2007

Currently I have a server with two NICs.

On the 1st NIC I have a LAN IP address.

On the 2nd NIC I have 2 public IP addresses.

Now I want to put this server in the DMZ, but it still needs to have 2 public IP addresses as a prerequisite for a Microsoft application.

One public IP address should not be NATed but should be accessible through the internet, and the other public IP address can be NATed.

Is this scenario possible? If so, please advise what steps are required for this scenario.

didyap Mon, 09/10/2007 - 12:05

Yes, the scenario is possible. You will just need to open up the port and the public IP address of the server, which is to be accessible over the internet, using an access list on the firewall.

micheljoh Thu, 09/13/2007 - 21:59

This is no problem. One way to do it is to exclude the IP from the NAT with the following commands.

Let's say the public IP you need to not NAT is

Create an access-list:

access-list no-nat permit ip host any

Then create an exempt NAT policy:

nat (DMZ) 0 access-list no-nat

Or you can simply use the static command:

static (DMZ,outside)

and then add an access-list on the outside interface permitting the traffic you need to.

Hope this helps.
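
The two approaches from the reply above, written out in full as an added example (not posted by anyone in this thread). It assumes PIX/ASA syntax of that era (before 8.3); the address 203.0.113.10 is a documentation-range placeholder for the public IP that must not be NATed, `outside_in` is a hypothetical ACL name, and TCP 443 is an assumed application port.

```cisco
! Added example. All values below are placeholders, not taken from the thread:
!   203.0.113.10 = the server's public IP that must stay un-NATed
!   outside_in   = hypothetical name for the ACL bound to the outside interface
!   TCP 443      = assumed port; substitute what the application really needs

! Option A: NAT exemption for traffic sourced from the server's public IP
access-list no-nat permit ip host 203.0.113.10 any
nat (DMZ) 0 access-list no-nat

! Option B (use instead of A): identity static, the address maps to itself
! static (DMZ,outside) 203.0.113.10 203.0.113.10 netmask 255.255.255.255

! Either way, inbound connections are still dropped until the outside ACL
! permits them. Permit only the required port to that one host rather than
! "permit ip any host ...", so the un-NATed address exposes a single service.
access-list outside_in permit tcp any host 203.0.113.10 eq 443
access-group outside_in in interface outside
```

After applying it, `show access-list outside_in` lists per-entry hit counts, which confirms that only the intended port is being matched from the internet.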


