Policy Nat

Unanswered Question
Jul 17th, 2008

Hi,

I want to configure my PIX firewall 7.x in a way that when subnet 172.28.92.0 accesses the 172.28.35.28 server located in the DMZ, they access it as it is.

But when the 172.28.72.0 subnet accesses the same server in the DMZ, 172.28.35.28, they access it via IP 172.28.98.28.

This means I want to do static translation of 172.28.35.28 into 172.28.98.28 only for the subnet 172.28.92.0.

All the remaining networks access it with the original IP 172.28.35.28 from the outside network.

Please tell me how to do the policy NAT/static.

I will be very grateful to you.

dhananjoy chowdhury Thu, 07/17/2008 - 10:42

What I can understand from your posting is:

Outside subnet - 172.28.92.0/24

DMZ server ip - 172.28.25.28

When 172.28.92.0/24 accesses 172.28.35.28, it should be redirected to 172.28.98.28.

! Policy NAT ACL: source is the real DMZ host, destination is the peer subnet
access-list PNAT-ACL permit ip host 172.28.35.28 172.28.92.0 255.255.255.0

static (DMZ,Outside) 172.28.98.28 access-list PNAT-ACL

Hope this helps.

wasiimcisco Thu, 07/17/2008 - 13:31

Thanks for the reply,

I want the 172.28.35.28 server to be accessed by the 172.28.31.0 subnet as 172.28.98.28.

And for the 172.28.92.0 subnet it is available on the original IP.

Both user subnets are located on the inside interface of the firewall, and the server is located in the DMZ.

Right now this server is available for everyone on 172.28.98.28.

static (inside,edn) 172.28.98.28 172.28.35.28 netmask 255.255.255.255

But now a few applications in the 172.28.31.0 subnet are having problems; they want to access this server on the real IP.

That is the reason I want to translate this server only for 172.28.31.0 and also have it be available on the original IP for the 172.28.92.0 subnet.
