Firewall Tricky Scenario- Help Needed

Amin Shaikh
Level 1

Hi,

Currently I have a server with two NICs.

On the 1st NIC I have a LAN IP address.

On the 2nd NIC I have 2 public IP addresses.

Now I want to put this server in the DMZ, but it still needs to have 2 public IP addresses as a prerequisite for a Microsoft application.

One public IP address should not be NATed but should be accessible through the internet, and the other public IP address can be NATed.

Is this scenario possible? If so, please advise what steps are required for this scenario.

2 Replies

didyap
Level 6

Yes, the scenario is possible. You will just need to open up the port and the public IP address of the server, which is to be accessible over the internet, using an access list on the firewall.

micheljoh
Level 1

Hi

This is no problem. One way to do it is to exclude the IP from the NAT with the following commands.

Let's say the public IP you need to not NAT is 65.65.65.65.

Create an access-list:

access-list no-nat permit ip host 65.65.65.65 any

Then create an exempt NAT policy:

nat (DMZ) 0 access-list no-nat

Or you can simply use the static command:

static (DMZ,outside) 65.65.65.65 65.65.65.65

and then add an access-list on the outside interface permitting the traffic you need.

Hope this helps.

regards//Michel
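
The last step in the reply above (an access-list on the outside interface) is described but not shown. The fragment below is an added example, not part of either reply, written in the same PIX/ASA syntax the reply uses. The ACL name `outside_in` and the service `tcp/443` are assumptions; 65.65.65.65 and the interface names `DMZ` and `outside` come from the reply.

```cisco
! Identity static from the reply: 65.65.65.65 stays untranslated
! between the DMZ and outside interfaces.
static (DMZ,outside) 65.65.65.65 65.65.65.65

! Permit only the service the application needs to this one host.
! tcp/443 is an assumed placeholder; substitute the real port(s).
! A narrow "permit tcp ... eq <port>" entry is preferable to
! "permit ip any host 65.65.65.65", which would expose every
! service listening on the server.
access-list outside_in permit tcp any host 65.65.65.65 eq 443

! Apply the ACL to traffic arriving on the outside interface.
! Anything not matched is dropped by the implicit deny at the
! end of the access-list.
access-group outside_in in interface outside
```

After applying it, `show access-list outside_in` shows per-entry hit counts, which confirms that inbound connections are matching the intended entry.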
