Static NAT Question

Unanswered Question
Feb 22nd, 2008
User Badges:

I am building a connection from DMZ to inside and need to translate the real address to a hidden address so that users on DMZ LAN can access resources on inside connected LAN by the hidden address. This is the static that I built, I am not sure that it is working. Can someone double check, please.

static (inside,dmz1) netmask is the bogus address and is the address for the server on inside interface.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
JORGE RODRIGUEZ Fri, 02/22/2008 - 12:22
User Badges:
  • Green, 3000 points or more

Your static is correct , say for sake of example you permit RDP tcp traffic to from DMZ host whose ip is


static (inside,DMZ1) netmask

access-list DMZ1_access_in permit tcp host host eq 3389

access-group DMZ1_access_in interface DMZ1



vantipov Sat, 02/23/2008 - 04:30
User Badges:

Thank you for your reply. This is working now.

abinjola Fri, 02/22/2008 - 15:05
User Badges:
  • Cisco Employee,

static (inside,dmz1), well make sure is the free ip from the pool on DMZ

also add access-l permit icmp any any

and try to ping and see what you get in debug icmp trace ?

JORGE RODRIGUEZ Fri, 02/22/2008 - 15:38
User Badges:
  • Green, 3000 points or more

My above reply has been tested in a working LAB environment and fully functional using original poster IP scheme, please wait until original poster replies with results before moving into debuging processies etc..



This Discussion