cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
365
Views
0
Helpful
3
Replies

Problem related to Static Translations

mansab.mahmood
Level 1
Level 1

Hi!

MY client has ERP servers and ISA servers in a single DMZ but now wants to place the ERP Servers on one DMZ (say DMZ1) without changing their IP Subnet and place the ISA Server on another DMZ (say DMZ2) and a diffrent IP Subnet. The problem is that he has around 1500 users on the LAN using the ISA Server and doesn't want to change the IP Address of the ISA server on all the PCs.

What he wants instead is that a translation should be created for the ISA so that when the inside users try to access the ISA server using its old IP Address (which is now part of DMZ1 - ERP DMZ) the request should be forwarded to the DMZ2 interface (where the ISA server now resides physically).

I have tried to convince him to change the IP Address of the ISA in the client PCs but he is not accepting it.

How can this be achieved through static translations.

Thanks in Advance!

Cheers!

3 Replies 3

Yudong Wu
Level 7
Level 7

Try this.

static (DMZ2,inside) ISA_old_IP ISA_new_IP

stanleyb
Level 1
Level 1

Sure, assign new IP for the ISA (DMZ2 subnet) then create a static nat entry for it, place/connect ISA in dmz2. Firewall will see new IP and forward accordingly to dmz2.

Router config would look something like this:

access-list 1 permit x.x.x.x 0.0.0.0 << x = current ISA IP

ip nat pool 1 x.x.x.x x.x.x.x prefix /32 << x = new ISA IP. Same @ both x

ip nat inside list 1 pool 1

int fa0/0 <

ip nat outside

int f0/1 <

ip nat inside

If firewall, create a NAT rule to translate one to one -- current ISA IP (configured at computers) to ISA real DMZ2 IP - inside interface to DMZ2 interface. Be sure to allow desired traffic type/protocols/ports and static route that ip only with higher priority then current subnet route to dmz1.

not sure what devices you are using, but lemeno if that helped,

Thanks,

Let me check this out on my next visit to the client and i will let you know how it turned out.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: