Outside to DMZ NAT

Unanswered Question
Dec 20th, 2007

Can anyone tell me if the following nat is possible?

I have several ip addresses on the following network (, which is the corporate network. Our firewall outside address is Our dmz is, which connects directly to a VPN3000 that has a tunnel to a verizon wireless network. The only sa coming from our side of the tunnel can be The far end wireless modems are on

Can I have all 192.168.34.X addresses that come thru the firewall be natted to one address, for example So if I was trying to telnet to from, I want my sa to change to and at the same time the guy in the cube next to me is telnetting to from and I want him to use as well. Is this possible?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
husycisco Thu, 12/20/2007 - 14:11

Hi Mark

Is your inside network? And want it to be natted to at DMZ interface if the traffic is to the network at the remote site of tunnel? If yes, this is possible, post your config with your anser.


markbowman Fri, 12/21/2007 - 03:49

No, .34.0 is on the outside interface. Using a static statement I can get 1 address to work. Also, at any one time could need to get to, and then .141, and so on. I just want to be clear that any .34.X needs to be able to get to any 192.168.33.X and always use

Attached is the config.



This Discussion