robertson.michael Tue, 07/22/2008 - 15:08
User Badges:
  • Silver, 250 points or more

Hi Patrick,

Let me make sure I understand your scenario:

You have a pool of public IP addresses assigned by your ISP. You want to map one of these addresses to a host behind your DMZ interface. Is this correct?

If so, you can simply configure a static translation, such as this:

static (dmz,outside) netmask

If the host behind the DMZ interface was, for example, a web server and you wanted users on the Internet to access it, you would also need to edit the ACL on your outside interface to allow the initial traffic to come in to your network.

Hope that helps.


patrick.hurley Tue, 07/22/2008 - 15:13
User Badges:

I guess because you are using the host address mask it doesn't matter where the host exists.


This Discussion