Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT. Acces to DMZ host from inside to both its Public and private address

Hi,

 

We have a unique requirement I think? We require that inside hosts, can access a host on the DMZ via both its public address and its private address.

 

So if the Real DMZ address is lets say 10.1.1.1 and its public address is 1.1.1.1 we need any host on the inside to be able to communicate with both its public and private address.

 

We have tried this published the public address to the inside and that works fine inside hosts can ping the public address. We then created a NAT Exempt rule to its real address, this does not work however and we get the following error.

 

no Translation group found for icmp.

 

Can this be technically done or are we completely off the track here?

 

Regards

Darren

Everyone's tags (1)
1 REPLY
Silver

Hi ,As far as I know , It is

Hi ,

As far as I know , It is possible and very common use NAT exceptions for that purpose.

Can you please check the following link and compare with you're config:

https://supportforums.cisco.com/document/44566/asa-83-nat-exemption-example-basic-l2l-vpn-and-basic-ra-vpn

Also check the release notes of the software version you're running and see if it's supported.

 

I hope this hep.

Regards ,

 

42
Views
0
Helpful
1
Replies
CreatePlease to create content