Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Basic natting ( or no natting) question

I have a 515 running 6.3.3 with a DMZ. I am having some problems understanding the natting for the DMZ. Basically I have an internal network (, DMZ (, and outside (

I would like a DMZ server to be able to address the internal server with the address without a nat. Basically I would like the DMZ to know the real addresses of the inside, and the inside to know about the real addresses of the outside. I would also still be needing to keep the dmz servers statically natted to the outside of course. Am I missing something, or do I just need two nat 0 statements? After that I should just be able to create ACLs for lower security interfaces to get to higher...

I am still getting the no translation messages...

  • Firewalling
New Member

Re: Basic natting ( or no natting) question

I think it should be something like the following.

static (inside,dmz) netmask


Re: Basic natting ( or no natting) question

Use the static command to translate the dmz and inside address to itself. Leave your static for the dmz to outside.

static (internal-interface, external) global-ip local-ip netmask MASK

static (dmz, inside) netmask

static (inside, dmz) netmask



Please rate if this helps!