Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Firewall Tricky Scenario- Help Needed


Currently I have a Server with Two NIC.

On 1st NIC I have LAN IP address

On 2nd NIC I have 2 Public IP address

Now I want to put this Server in the DMZ, but still needs to have 2 Public IP address as a pre-requiste for Microsoft Application.....

One Public IP address should not be natted but should be accessible through internet and the other IP Public IP address can be natted,

Is this Scenario possible???? If So please advice what steps are required for this Scenario....

  • Firewalling

Re: Firewall Tricky Scenario- Help Needed

Yes, the scenario is possilbe. You will just need to open up the port and the public IP address of the server, which is to be accessible over the internet, using an access list on the firewall.

New Member

Re: Firewall Tricky Scenario- Help Needed


This is no problem one way to do it is to exclude the ip from the nat by folliwing command

lets say the public ip you need to not nat is

create an access-list:

access-list no-nat permit ip host any

then create an exepmt nat policy

nat (DMZ) 0 access-list no-nat

Or you can simply use the static command:

static (DMZ,outside)

and then add an access-list on the outside interface permitting the trafic you need to

hope this help


This widget could not be displayed.