Policy Nat

Unanswered Question
Jul 17th, 2008
User Badges:


I want to configure my pix firewall 7.x in a way

but when subnet access sthat when subnet access the server located in DMZ they access it as it is.ame server in dmz they access it via ip

means i want to do static translation of into only for the subnet

rest all networks access it with original IP from outside network.

Please tell me how to do the policy nat/static.

I will be very greatful to u.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dhananjoy chowdhury Thu, 07/17/2008 - 10:42
User Badges:
  • Silver, 250 points or more

What I can understand from your posting is :

Outside subnet -

DMZ server ip -

when access it should be redirected to

access-list PNAT-ACL permit ip host

static(DMZ,Outside) access-list PNAT-ACL

Hope this helps.

wasiimcisco Thu, 07/17/2008 - 13:31
User Badges:

thanks for the reply,

i want server to be access by subnet as

and for subnet it is available on the original IP.

Both user subnet are located inside interface of firewall. and Server is located in dmz.

Right now this server is available for everyone on

static(inside,edn) netmask

But now few applications in subnet are having problem they want to access this server on real IP.

that is the reason i want to translate this server only for and also be available as original Ip for subnet.


This Discussion