Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
384
Views
10
Helpful
5
Replies

Static NAT Question

vantipov
Level 1
Level 1

‎02-22-2008 09:15 AM - edited ‎03-11-2019 05:07 AM

I am building a connection from DMZ to inside and need to translate the real address to a hidden address so that users on DMZ LAN can access resources on inside connected LAN by the hidden address. This is the static that I built, I am not sure that it is working. Can someone double check, please.

static (inside,dmz1) 192.168.34.10 170.254.34.10 netmask 255.255.255.255

192.168.34.10 is the bogus address and 170.254.34.10 is the address for the server on inside interface.

Labels:
0 Helpful
5 Replies 5

JORGE RODRIGUEZ
Level 10
Level 10

‎02-22-2008 12:22 PM

Your static is correct , say for sake of example you permit RDP tcp traffic to 192.168.34.10 from DMZ host whose ip is 192.168.34.200.

e.g

static (inside,DMZ1) 192.168.34.10 170.254.34.10 netmask 255.255.255.255

access-list DMZ1_access_in permit tcp host 192.168.34.200 host 192.168.34.10 eq 3389

access-group DMZ1_access_in interface DMZ1

Rgds

Jorge

Jorge Rodriguez

vantipov
Level 1
Level 1
In response to JORGE RODRIGUEZ

‎02-23-2008 04:30 AM

Thank you for your reply. This is working now.

0 Helpful

abinjola
Cisco Employee
Cisco Employee

‎02-22-2008 03:05 PM

static (inside,dmz1) 192.168.34.10 170.254.34.10, well make sure 192.168.34.10 is the free ip from the pool on DMZ

also add access-l permit icmp any any

and try to ping and see what you get in debug icmp trace ?

JORGE RODRIGUEZ
Level 10
Level 10
In response to abinjola

‎02-22-2008 03:38 PM

My above reply has been tested in a working LAB environment and fully functional using original poster IP scheme, please wait until original poster replies with results before moving into debuging processies etc..

Jorge

Jorge Rodriguez
0 Helpful

vantipov
Level 1
Level 1
In response to abinjola

‎02-23-2008 04:33 AM

Thanks a lot for your help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card