static nat problem

Unanswered Question
Jul 19th, 2008

I want to do policy NAT. See the attachment for the network diagram. Users from the 192.168.1.0 subnet want to access the application server on the 172.28.98.28 IP address, and users on the 172.28.92.0 subnet want to access this application server on 172.28.33.28, which is the original IP address.


The server is located on the inside interface and the user subnets are located on a lower security level.


Right now users are accessing it with the following configuration:


static (inside,edn) 172.28.98.28 172.28.35.28 netmask 255.255.255.255





a.alekseev Sat, 07/19/2008 - 12:40

access-list NET1 permit ip host 172.28.33.28 192.168.1.0 255.255.255.0

access-list NET2 permit ip host 172.28.33.28 172.28.92.0 255.255.255.0

static (inside,outside) 172.28.98.28 access-list NET1

static (inside,outside) 172.28.33.28 access-list NET2



wasiimcisco Sat, 07/19/2008 - 13:27

I applied the following configuration.


access-list NET1 permit ip host 172.28.35.28 host 172.28.92.54

access-list NET2 permit ip host 172.28.35.28 host 172.28.92.72

static (inside,edn) 172.28.98.28 access-list NET1

static (inside,edn) 172.28.35.28 access-list NET2



But now both users mentioned in the below configuration are able to access the same application with the 35 and 98 IP addresses. How can I restrict only one user to access this IP with only one IP address?


I don't want 92.54 users to access this application with both IP addresses.






a.alekseev Sat, 07/19/2008 - 14:10

Use an access-list on the edn interface.
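
The interface ACL suggested in the last reply could look like the following sketch. It is an added example, not configuration posted in the thread: the ACL name EDN_IN is hypothetical, the host addresses are the ones used in the posts above, and it assumes the pre-8.3 PIX/ASA syntax used in this thread, where an interface ACL matches the translated (mapped) destination address.

```cisco
! Added example, not from the thread. EDN_IN is a hypothetical ACL name.
! Assumes pre-8.3 PIX/ASA behaviour: the inbound ACL is checked against
! the mapped address the client actually sends to.

! 172.28.92.54 may reach the server only through the translated address
access-list EDN_IN extended permit ip host 172.28.92.54 host 172.28.98.28
access-list EDN_IN extended deny ip host 172.28.92.54 host 172.28.35.28

! 172.28.92.72 may reach the server only through its original address
access-list EDN_IN extended permit ip host 172.28.92.72 host 172.28.35.28
access-list EDN_IN extended deny ip host 172.28.92.72 host 172.28.98.28

! Everything not permitted above is dropped by the implicit deny at the
! end of the ACL, so any other traffic that must enter through edn needs
! its own permit entry before the ACL is bound to the interface.
access-group EDN_IN in interface edn
```

Only one ACL can be bound inbound to an interface, so if edn already has one, add these entries to it instead of creating a new access-group. Tightening `permit ip` to the application's protocol and port narrows the exposure further.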
