It works, I have tested that in lab!!! I have been searching for solution for the whole day and found nothing, but now as I look at your config it is clear :)

Thanks!

Hi,

It seems that it works, but after applying it, the other nat global-1 that hide all local networks to the internet is not working:

nat (outside) 2 access-list source-nat outside

global (inside) 2 interface

access-list source-nat permit ip any host 200.200.200.200

nat (inside) 1 access-list nat

global (outside) 1 global-ip-address

Could somebody help me out with this one?

Thanks.

Michal

can you try internet access from a host other than the one mapped in static

I have pix 525 with 7.2(3)8. I wanted to configre simple nat for inside and dmz.

This is my test lab. I know there are options of static and access-list. But i wanted to test this configuration.

I want my dmz user when access the inside network they use nat not static. and same i wanted to have with my inside user while they access dmz.

global (dmz) 1 interface

global (inside) 3 interface

nat (dmz) 3 10.0.0.0 255.255.255.0 outside

nat (inside) 1 172.28.92.0 255.255.255.0

access-group outside in interface outside

access-list dmz extended permit ip host 10.0.0.3 host 172.28.92.72

access-list dmz extended permit ip host 10.0.0.3 host 10.0.0.1

I have tried all possibilties but fail, even only first time at the start of lab, i use no-nat control but later on it was also stop working.

Now only static configuration is working i am able to use internet. But with this dmz nat and vice versa is not working.

few time ago, i was able to ping from inside to dmz but after sometime later it also stop working. I dont know why this is happening.

why nat control is not working. really strange situation.

Hi,

Try to use this configuration

nat (dmz) 3 10.0.0.0 255.255.255.0

global (inside) 3 10.0.0.0 255.255.255.0

nat (inside) 1 172.28.92.0 255.255.255.0

global (dmz) 1 172.28.92.0 255.255.255.0

and remove the dmz access list.

regards