static nat problem

wasiimcisco
Level 1

I want to do policy NAT. See the attachment for the network diagram. Users from the 192.168.1.0 subnet want to access the application server on the 172.28.98.28 IP address, and users on the 172.28.92.0 subnet want to access this application server on 172.28.33.28, which is the original IP address.

The server is located on the inside interface and the user subnets are located on a lower security level.

Right now users are accessing it with the following configuration:

static (inside,edn) 172.28.98.28 172.28.35.28 netmask 255.255.255.255

4 Replies

a.alekseev
Level 7

access-list NET1 permit ip host 172.28.33.28 192.168.1.0 255.255.255.0

access-list NET2 permit ip host 172.28.33.28 172.28.92.0 255.255.255.0

static (inside,outside) 172.28.98.28 access-list NET1

static (inside,outside) 172.28.33.28 access-list NET2

I applied the following configuration.

access-list NET1 permit ip host 172.28.35.28 host 172.28.92.54

access-list NET2 permit ip host 172.28.35.28 host 172.28.92.72

static (inside,edn) 172.28.98.28 access-list NET1

static (inside,edn) 172.28.35.28 access-list NET2

But now both users, as mentioned in the configuration below, are able to access the same application with the 35 and 98 IP addresses. How can I restrict only one user to access this IP with only one IP address?

I don't want 92.54 users to access this application with both IP addresses.

Show the configuration.

Use an access-list on the edn interface.
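
Added example, not part of the original thread: one way to write the inbound ACL on the edn interface that the last reply suggests. The ACL name EDN_IN is hypothetical, and the pairing of each host with one address is assumed from the NET1/NET2 policy statics posted above (pre-8.3 syntax, where the interface ACL matches the mapped address).

```cisco
! Added example. EDN_IN is a hypothetical ACL name; the host-to-address
! pairing is assumed from the NET1/NET2 policy statics in the thread.

! 172.28.92.54 may reach the server only through the translated address
access-list EDN_IN permit ip host 172.28.92.54 host 172.28.98.28
access-list EDN_IN deny ip host 172.28.92.54 host 172.28.35.28

! 172.28.92.72 may reach the server only through the real address
access-list EDN_IN permit ip host 172.28.92.72 host 172.28.35.28
access-list EDN_IN deny ip host 172.28.92.72 host 172.28.98.28

! Apply the ACL to traffic entering the lower-security edn interface
access-group EDN_IN in interface edn

! Check the per-entry hit counters after testing from each host
show access-list EDN_IN
```

Only one inbound ACL can be bound to an interface, so if edn already has one, add these entries to it ahead of any broader permit instead of creating a new list. The implicit deny at the end of the list blocks everything else entering edn, so other required flows need their own permit entries.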
