Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
423
Views
0
Helpful
2
Replies

DMZ, Access rule, NAT exemption Topic

richard_68
Level 1
Level 1

‎06-08-2012 05:02 AM - edited ‎03-11-2019 04:17 PM

Hi all,

I've have one topic to discuss.

We have a ASA 5510 with a public /27 Network outside. Inside we have multipe Custumers, which need public Adresse to operate their own network.

I have only that /27 Network. Is it possible to give our custumers IP Adresses from the outside Interface and configure static identity NAT ? Or could I configure

NAT exemption? The Custumers want to do IP-Sec from their networks, so it could be problematic, to realize the common scenario with a natted DMZ.

Thank you for help.

Richard

Labels:
0 Helpful
2 Replies 2

nkarthikeyan
Level 7
Level 7

‎06-08-2012 06:03 AM

Hi Richard,

All the customers will be accessing thru VPN only right?????. If that is the case you can have different private ranges inside your network and each can access their customers through vpn channel.

explain in detail about your requirement.

0 Helpful

richard_68
Level 1
Level 1
In response to nkarthikeyan

‎06-11-2012 12:58 AM

hello,

in the building we have a GE uplink and a lot off costumers (business). Some off them  need only Internet access and I configured PAT. Others need  fix public IP addresses for different Services (for Example inbound and outbound VPN tunnels, Mail Servers etc).

I have a public  /27 Network configured on the outside interface. Is it possible to use IP addresses from that /27 Network without NAT on the costumer firewall or Server?

Which is the best way  to realize that requirement?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card