Outside to DMZ NAT

markbowman · ‎12-20-2007

Can anyone tell me if the following nat is possible?

I have several ip addresses on the following network (192.168.34.0/24), which is the corporate network. Our firewall outside address is 192.168.64.11. Our dmz is 10.97.0.254, which connects directly to a VPN3000 that has a tunnel to a verizon wireless network. The only sa coming from our side of the tunnel can be 192.168.100.0/28. The far end wireless modems are on 192.168.33.0/24.

Can I have all 192.168.34.X addresses that come thru the firewall be natted to one address, for example 192.168.100.7? So if I was trying to telnet to 192.168.33.140 from 192.168.34.92, I want my sa to change to 192.168.100.7 and at the same time the guy in the cube next to me is telnetting to 192.168.33.141 from 192.168.34.118 and I want him to use 192.168.100.7 as well. Is this possible?

husycisco · ‎12-20-2007

Hi Mark

Is 192.168.34.0 your inside network? And want it to be natted to 192.168.100.7 at DMZ interface if the traffic is to the network at the remote site of tunnel? If yes, this is possible, post your config with your anser.

Regards

markbowman · ‎12-21-2007

No, .34.0 is on the outside interface. Using a static statement I can get 1 address to work. Also, at any one time 192.168.34.92 could need to get to 192.168.33.129, and then .141, and so on. I just want to be clear that any .34.X needs to be able to get to any 192.168.33.X and always use 192.168.100.7.

Attached is the config.