Static NAT Question

Feb 22nd, 2008

I am building a connection from DMZ to inside and need to translate the real address to a hidden address so that users on the DMZ LAN can access resources on the inside connected LAN by the hidden address. This is the static that I built; I am not sure that it is working. Can someone double-check, please?

static (inside,dmz1) 192.168.34.10 170.254.34.10 netmask 255.255.255.255

192.168.34.10 is the bogus address and 170.254.34.10 is the address for the server on inside interface.

JORGE RODRIGUEZ Fri, 02/22/2008 - 12:22

Your static is correct. Say, for the sake of example, you permit RDP TCP traffic to 192.168.34.10 from a DMZ host whose IP is 192.168.34.200.

e.g.

static (inside,DMZ1) 192.168.34.10 170.254.34.10 netmask 255.255.255.255

access-list DMZ1_access_in permit tcp host 192.168.34.200 host 192.168.34.10 eq 3389

access-group DMZ1_access_in in interface DMZ1



Rgds

Jorge
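
A consistency check for the static and ACL pairing in the reply above, as an added example that is not part of the original post or any Cisco tooling. It assumes the pre-8.3 PIX/ASA syntax used in this thread, where the ACL on the mapped interface must name the mapped address; the function name, sample string and finding texts are constructed for illustration.

```python
import re

# Constructed sample: the three configuration lines from the reply above.
SAMPLE_CONFIG = """\
static (inside,DMZ1) 192.168.34.10 170.254.34.10 netmask 255.255.255.255
access-list DMZ1_access_in permit tcp host 192.168.34.200 host 192.168.34.10 eq 3389
access-group DMZ1_access_in in interface DMZ1
"""

# static (real_if,mapped_if) mapped_ip real_ip ...
STATIC_RE = re.compile(r"^static \((\S+?),(\S+?)\) (\S+) (\S+)", re.I)
# access-list NAME permit PROTO SRC host DST ... (only host destinations are checked)
ACL_RE = re.compile(
    r"^access-list (\S+) (?:extended )?permit \S+ (?:host \S+|any|\d\S* \d\S*) host (\S+)", re.I)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.I)


def check_static_exposure(config):
    """Return findings for static NAT rules whose ACLs do not line up with them."""
    statics, acls, bound = [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC_RE.match(line):
            # Assumption: interface names are compared case-insensitively.
            statics.append((m[1].lower(), m[2].lower(), m[3], m[4]))
        elif m := ACL_RE.match(line):
            acls.append((m[1], m[2]))            # (ACL name, destination host)
        elif m := GROUP_RE.match(line):
            bound[m[1]] = m[2].lower()           # ACL name -> interface it filters
    findings = []
    for _real_if, mapped_if, mapped, real in statics:
        reachable = False
        for name, dst in acls:
            if dst == real:
                findings.append(f"{name}: destination is real address {real}, expected mapped {mapped}")
            elif dst == mapped and bound.get(name) == mapped_if:
                reachable = True
            elif dst == mapped:
                findings.append(f"{name}: permits {mapped} but is not applied inbound on {mapped_if}")
        if not reachable:
            findings.append(f"no inbound ACL on {mapped_if} permits mapped address {mapped}")
    return findings


if __name__ == "__main__":
    print(check_static_exposure(SAMPLE_CONFIG) or "static and ACL are consistent")
```

An empty list means the ACL names the mapped address and is applied inbound on the interface the static maps onto; it does not confirm that the mapped address is unused on the DMZ subnet.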


vantipov Sat, 02/23/2008 - 04:30

Thank you for your reply. This is working now.

abinjola Fri, 02/22/2008 - 15:05

static (inside,dmz1) 192.168.34.10 170.254.34.10. Well, make sure 192.168.34.10 is a free IP from the pool on the DMZ.

Also add access-l permit icmp any any

and try to ping and see what you get in debug icmp trace?

JORGE RODRIGUEZ Fri, 02/22/2008 - 15:38

My above reply has been tested in a working lab environment and is fully functional using the original poster's IP scheme. Please wait until the original poster replies with results before moving into debugging processes, etc.



Jorge

