NAT Question

koshala76
Level 1

My outside interface is 209.52.60.xx, my LAN (inside) is 192.168.0.0/16, and my DMZ (DMZ) is 172.25.10.0/24. I have NAT working fine for the inside interface; LAN users can browse the internet with no issues. Further, I have port translation working for the inside network for some servers. In the DMZ I have port translation working for the web server, but the web server can't browse the internet. NATing does not work for the web server to browse the internet. I would really appreciate it if someone can help me with this. I am stumped as to what I am doing wrong.

Here is the config:

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

nat (dmz) 1 172.25.10.0 255.255.255.0

Note: Inside network can browse the internet and port translation works

DMZ port translation works, but a host inside the DMZ is unable to browse the internet.

Thank you all in advance.

4 Replies

sachinraja
Level 9

Hello Koshala

Isn't it that the web server should be accessed from outside? In that case, you need to give a static, instead of doing a global PAT.

static (DMZ,outside) 209.x.x.x 172.25.10.2

Doing this will enable both inbound and outbound access from/to the internet.

If you just want outbound access, create a separate global (outside) instance and it should then work fine.

Hope this helps. All the best.

Raj

Sorry, the static command was entered previously. That is why users can browse the web server from outside. I can browse the internet from the DMZ.

static (dmz,outside) 209.52.x.x 172.25.10.100 netmask 255.255.255.255

So, your issue is solved now?

Raj

Hi,

Please check if you have assigned any access-list to your DMZ interface. If yes, permit your web server (172.25.10.100) to access the internet.

Regards

Jithesh
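
An added example, not part of the thread and not Cisco tooling: a small Python check that reads pre-8.3 PIX/ASA `nat`/`global`/`static` lines like those posted above and reports which translation a host would get toward the outside interface, matching static entries before dynamic nat/global pairs. `THREAD_CONFIG` is constructed from the lines quoted in the thread, the function names are hypothetical, and `nat 0 access-list` exemptions are skipped because the ACL contents were not posted.

```python
import ipaddress
import re

# Constructed sample: the nat/global/static lines quoted in the thread, addresses as posted.
THREAD_CONFIG = """\
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 172.25.10.0 255.255.255.0
static (dmz,outside) 209.52.x.x 172.25.10.100 netmask 255.255.255.255
"""

def parse(config):
    """Collect static, nat and global statements from pre-8.3 PIX/ASA syntax."""
    statics, nats, globals_ = [], [], {}
    for line in config.splitlines():
        tok = re.sub(r"[(),]", " ", line.lower()).split()
        if tok[:1] == ["static"] and len(tok) >= 5:
            mask = tok[6] if tok[5:6] == ["netmask"] else "255.255.255.255"
            real = ipaddress.ip_network(f"{tok[4]}/{mask}", strict=False)
            statics.append((tok[1], tok[2], tok[3], real))
        elif tok[:1] == ["nat"] and len(tok) >= 5 and tok[3] != "access-list":
            net = ipaddress.ip_network(f"{tok[3]}/{tok[4]}", strict=False)
            nats.append((tok[1], tok[2], net))
        elif tok[:1] == ["global"] and len(tok) >= 4:
            globals_[(tok[1], tok[2])] = tok[3]
    return statics, nats, globals_

def outbound_translation(config, src_if, host, dst_if="outside"):
    """Return (kind, mapped) for a host leaving src_if toward dst_if."""
    statics, nats, globals_ = parse(config)
    addr = ipaddress.ip_address(host)
    # Static translations are matched before regular dynamic NAT.
    for real_if, mapped_if, mapped, real in statics:
        if (real_if, mapped_if) == (src_if, dst_if) and addr in real:
            return ("static", mapped)
    # Regular dynamic NAT: most specific nat statement first, then the
    # global with the same NAT ID on the destination interface.
    for nat_if, nat_id, net in sorted(nats, key=lambda n: -n[2].prefixlen):
        if nat_if == src_if and addr in net:
            if nat_id == "0":
                return ("identity", host)  # identity NAT needs no global
            pool = globals_.get((dst_if, nat_id))
            return ("dynamic", pool) if pool else ("no-global", nat_id)
    return ("no-nat", None)
```

If this reports a usable translation for the DMZ host, the nat/global/static lines are consistent with each other, and an access-list bound to the DMZ interface is the next thing to review.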
