Static NAT Question

Unanswered Question
Feb 22nd, 2008

I am building a connection from DMZ to inside and need to translate the real address to a hidden address so that users on DMZ LAN can access resources on inside connected LAN by the hidden address. This is the static that I built, I am not sure that it is working. Can someone double check, please.

static (inside,dmz1) 192.168.34.10 170.254.34.10 netmask 255.255.255.255

192.168.34.10 is the bogus address and 170.254.34.10 is the address for the server on inside interface.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
JORGE RODRIGUEZ Fri, 02/22/2008 - 12:22

Your static is correct , say for sake of example you permit RDP tcp traffic to 192.168.34.10 from DMZ host whose ip is 192.168.34.200.

e.g

static (inside,DMZ1) 192.168.34.10 170.254.34.10 netmask 255.255.255.255

access-list DMZ1_access_in permit tcp host 192.168.34.200 host 192.168.34.10 eq 3389

access-group DMZ1_access_in interface DMZ1

Rgds

Jorge

abinjola Fri, 02/22/2008 - 15:05

static (inside,dmz1) 192.168.34.10 170.254.34.10, well make sure 192.168.34.10 is the free ip from the pool on DMZ

also add access-l permit icmp any any

and try to ping and see what you get in debug icmp trace ?

JORGE RODRIGUEZ Fri, 02/22/2008 - 15:38

My above reply has been tested in a working LAB environment and fully functional using original poster IP scheme, please wait until original poster replies with results before moving into debuging processies etc..

Jorge

Actions

This Discussion