NAT Question

Unanswered Question
Jan 6th, 2009
User Badges:

My outside interface is 209.52.60.xx and my LAN (inside) is and my DMZ (DMZ) is I have nat working find for the inside interface, LAN uers can browse the internet with no issues. Futher I have port translation working for the inside network for some servers. In the DMZ I have port translation working for the Web server but the web server can't browse the internet. Nating does not work for the web server to browse the internet. I would really appreciate if someone can help me with this. I am stuppmed as what I am doing wrong.

here is the config

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1

nat (dmz) 1

Note: Inside network can browse the internet and port translation works

DMZ port translation works but unbale to browse the internet for host inside the DMZ.

Thank you all in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sachinraja Tue, 01/06/2009 - 13:49
User Badges:
  • Red, 2250 points or more

Hello Koshala

Isnt that the webserver should be accessed from outside ? In that case, you need to give a static , instead of doing a global PAT..

static (DMZ,outside) 209.x.x.x

doing this will enable both inbound and outbound access from/to internet..

If u just want outbound access, create a seperate global (outside) instance and it should then work fine..

Hope this helps.. all the best..


koshala76 Tue, 01/06/2009 - 14:29
User Badges:

Sorry the static command was entered previously. That is why users can browse the web server from outside. I can browse the internet from the DMZ.

static (dmz,outside) 209.52.x.x netmask

sachinraja Tue, 01/06/2009 - 17:07
User Badges:
  • Red, 2250 points or more

so, ur issue is solved now ?


Jithesh K Joy Fri, 01/09/2009 - 04:48
User Badges:


Please check if you have assigned any access-list to your dmz interface, if yes permit your websever( to access internet




This Discussion