Internal to External Static NAT

Unanswered Question
May 14th, 2008
User Badges:

hi everyone,


i have an intersting query. We have a Cisco ASA 5540, running 8.0 setup in the normal fashion, 1 inside interface, 1 outside interface, 1 DMZ interface. we have a server in the DMZ that is statically natted to the outside interface. Here is my question, can an internal host access the externally natted IP address of the DMZ box. So basically can a host coming in on the inside interface hit the statically natted external IP (the internal address isn't natted), then this static nat be un-natted and passed to the DMZ, this in turn then returning the traffic. In which order would the ASA go about this? Currently i have no access like this, and was wondering if it was possible?


Thanks


Ali

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
acomiskey Wed, 05/14/2008 - 05:32
User Badges:
  • Green, 3000 points or more

static (dmz,inside) netmask 255.255.255.255

alibowluk Wed, 05/14/2008 - 06:10
User Badges:

so if i've already got


static(dmz,outside) 62.62.62.62 10.0.0.1 netmask 255.255.255.255


won't adding


static(dmz,inside) 62.62.62.62 10.0.0.1 netmask 255.255.255.255


confuse the issue? it would be a pool of unnatted internal addresses needing to get to the external address, as well as obviously the outside world needing the address


what i'm interested in, what will the ASA do when it receives a packet destined for the external IP address on the inside interface which really only exists when coming from the outside? ah actually i see your point, where technically does the public ip address exist when i add this command? on both the inside and outside?


Thanks for the help

acomiskey Wed, 05/14/2008 - 06:50
User Badges:
  • Green, 3000 points or more

static(dmz,inside) 62.62.62.62 10.0.0.1 netmask 255.255.255.255


Traffic destined for 62.62.62.62 from the inside will be translated to 10.0.0.1 on the dmz. It will not effect your translation from the outside.


Actions

This Discussion