Firewall Tricky Scenario- Help Needed

Unanswered Question
Sep 4th, 2007

Hi,

Currently I have a Server with two NICs.

On the 1st NIC I have a LAN IP address.

On the 2nd NIC I have 2 Public IP addresses.

Now I want to put this Server in the DMZ, but it still needs to have 2 Public IP addresses as a prerequisite for Microsoft Application.....

One Public IP address should not be natted but should be accessible through the internet, and the other Public IP address can be natted.

Is this Scenario possible???? If so, please advise what steps are required for this Scenario....

didyap Mon, 09/10/2007 - 12:05

Yes, the scenario is possible. You will just need to open up the port and the public IP address of the server, which is to be accessible over the internet, using an access list on the firewall.

micheljoh Thu, 09/13/2007 - 21:59

Hi

This is no problem. One way to do it is to exclude the IP from the NAT with the following commands.

Let's say the public IP you need to not NAT is 65.65.65.65

create an access-list:

access-list no-nat permit ip host 65.65.65.65 any

then create an exempt NAT policy

nat (DMZ) 0 access-list no-nat

Or you can simply use the static command:

static (DMZ,outside) 65.65.65.65 65.65.65.65

and then add an access-list on the outside interface permitting the traffic you need to

Hope this helps

regards//Michel
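
The static approach from the reply above, written out with the outside access-list it mentions. This is an added example, not part of the original posts, and uses the same pre-8.3 PIX/ASA syntax as the thread. Assumed values: the interface names DMZ and outside, the service tcp/443, the second public address 65.65.65.66, the private DMZ address 192.168.50.10 and the ACL name outside_in.

```cisco
! Constructed example. Addresses other than 65.65.65.65, the port and the
! ACL name are assumptions for illustration.

! 1. Identity static: 65.65.65.65 is reachable from outside without translation
static (DMZ,outside) 65.65.65.65 65.65.65.65 netmask 255.255.255.255

! 2. Translated address: the second public IP (assumed 65.65.65.66) maps to
!    the server's private DMZ address (assumed 192.168.50.10)
static (DMZ,outside) 65.65.65.66 192.168.50.10 netmask 255.255.255.255

! 3. Outside ACL: permit only the service the application needs (assumed
!    tcp/443) to each public address. In this syntax the ACL references the
!    public (mapped) address, and anything not permitted is implicitly denied.
access-list outside_in extended permit tcp any host 65.65.65.65 eq 443
access-list outside_in extended permit tcp any host 65.65.65.66 eq 443

! 4. Apply the ACL to traffic arriving on the outside interface
access-group outside_in in interface outside
```

Permitting a specific protocol and port per host, rather than `permit ip any host ...`, keeps the exposure of the DMZ server limited to the service that has to be reachable.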
