Collin Clark Thu, 07/16/2009 - 11:37
User Badges:
  • Purple, 4500 points or more

The easiest way is to NAT the entire subnet to the destination network (kinda makes it look like routing).


static (inside,dmz) 192.168.5.0 192.168.5.0 netmask 255.255.255.0


The inside network is 192.168.5.0.


Hope that helps.

Collin Clark Thu, 07/16/2009 - 12:08
User Badges:
  • Purple, 4500 points or more

You can redirect a port with a more specific NAT.


static (inside,dmz) tcp 192.168.5.15 80 192.168.5.15 8080 netmask 255.255.255.255


This would translate port 80 to port 8080.

mitang.prajapati Thu, 07/16/2009 - 13:30
User Badges:

yes this is very helpful now tell me now i have this same scenario which u tell me .


but i want natting from dmz to outside and dmz to intranet zone for same application and port is like 8080 to 80


so what i give to nating so my application can run


i give the both natting but its not working.


static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 255.255.255.255



static (dmz,intranet) tcp 10.10.10.10 8080 192.168.1.2 255.255.255.255


now tell me what more i give command ?

Collin Clark Fri, 07/17/2009 - 05:13
User Badges:
  • Purple, 4500 points or more

You should have got errors when entering those commands.


static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 80 255.255.255.255


I don't understand the intranet to DMZ. If you're going from intranet to DMZ, you don't need a static because of the security level of the interfaces.

hussain.ratlami Tue, 07/21/2009 - 06:02
User Badges:

i think your Nat entries should be like this:-


static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 80 netmask 255.255.255.255


static (dmz,intranet) tcp 10.10.10.10 8080 192.168.1.2 80 netmask 255.255.255.255

Actions

This Discussion