Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Allow Inside Hosts Access to a DMZ without Translation

Hi,

Could you pls mail what exactly the below command will do ?

1) static (inside,dmz) 10.1.6.100 10.1.6.100

2) static (dmz,inside) 10.1.6.100 10.1.6.100

Pls mail me documentaion reference with multiple DMZ(1-4) configuration in PIX with translation and without address translation.

-Ganesh

3 REPLIES
Gold

Re: Allow Inside Hosts Access to a DMZ without Translation

you don't need 2), assuming 10.1.6.100 is the host on the inside interface that needs access to the dmz.

You could also use nat zero to accomplish this:

nat (inside) 0 natzero_acl

access-list natzero_acl permit ip host 10.1.6.100 host dmz_host_ip

New Member

Re: Allow Inside Hosts Access to a DMZ without Translation

Hi,

Thanks for your reply !

Pls clarify me, assuming a host 10.2.7.200 in DMZ interface that needs to access inside the below commands is correct ?

static (dmz,inside) 10.2.7.200 10.2.7.200

-Ganesh

Green

Re: Allow Inside Hosts Access to a DMZ without Translation

No you would not need that.

For 10.2.7.200 and 10.1.6.100 to communicate between the inside and dmz, all you need is...

static (dmz,inside) 10.1.6.100 10.1.6.100

215
Views
0
Helpful
3
Replies