Internal to External Static NAT

Unanswered Question
May 14th, 2008

hi everyone,

i have an intersting query. We have a Cisco ASA 5540, running 8.0 setup in the normal fashion, 1 inside interface, 1 outside interface, 1 DMZ interface. we have a server in the DMZ that is statically natted to the outside interface. Here is my question, can an internal host access the externally natted IP address of the DMZ box. So basically can a host coming in on the inside interface hit the statically natted external IP (the internal address isn't natted), then this static nat be un-natted and passed to the DMZ, this in turn then returning the traffic. In which order would the ASA go about this? Currently i have no access like this, and was wondering if it was possible?

Thanks

Ali

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
alibowluk Wed, 05/14/2008 - 06:10

so if i've already got

static(dmz,outside) 62.62.62.62 10.0.0.1 netmask 255.255.255.255

won't adding

static(dmz,inside) 62.62.62.62 10.0.0.1 netmask 255.255.255.255

confuse the issue? it would be a pool of unnatted internal addresses needing to get to the external address, as well as obviously the outside world needing the address

what i'm interested in, what will the ASA do when it receives a packet destined for the external IP address on the inside interface which really only exists when coming from the outside? ah actually i see your point, where technically does the public ip address exist when i add this command? on both the inside and outside?

Thanks for the help

acomiskey Wed, 05/14/2008 - 06:50

static(dmz,inside) 62.62.62.62 10.0.0.1 netmask 255.255.255.255

Traffic destined for 62.62.62.62 from the inside will be translated to 10.0.0.1 on the dmz. It will not effect your translation from the outside.

Actions

This Discussion