cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
266
Views
0
Helpful
2
Replies

Policy Nat

wasiimcisco
Level 1
Level 1

Hi,

I want to configure my pix firewall 7.x in a way

but when 172.28.72.0 subnet access sthat when subnet 172.28.92.0 access the 172.28.35.28 server located in DMZ they access it as it is.ame server in dmz 172.28.35.28 they access it via ip 172.28.98.28.

means i want to do static translation of 172.28.35.28 into 172.28.98.28 only for the subnet 172.28.92.0.

rest all networks access it with original IP 172.28.35.28 from outside network.

Please tell me how to do the policy nat/static.

I will be very greatful to u.

2 Replies 2

What I can understand from your posting is :

Outside subnet - 172.28.92.0/24

DMZ server ip - 172.28.25.28

when 172.28.92.0/24 access 172.28.35.28 it should be redirected to 172.28.98.28

access-list PNAT-ACL permit ip 172.28.92.0 255.255.255.0 host 172.28.35.28

static(DMZ,Outside) 172.28.98.28 access-list PNAT-ACL

Hope this helps.

thanks for the reply,

i want 172.28.35.28 server to be access by 172.28.31.0 subnet as 172.28.98.28.

and for 172.28.92.0 subnet it is available on the original IP.

Both user subnet are located inside interface of firewall. and Server is located in dmz.

Right now this server is available for everyone on 172.28.98.28

static(inside,edn) 172.28.98.28 172.28.35.28 netmask 255.255.255.255

But now few applications in 172.28.31.0 subnet are having problem they want to access this server on real IP.

that is the reason i want to translate this server only for 172.28.31.0 and also be available as original Ip for 172.28.92.0 subnet.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: