NAT and DMZ question

Hi,

We have a PIX 515 with inside, outside and dmz zones which is doing NAT on our mail server from inside to outside.

The problem is that users on the DMZ cannot seem to access the mail server by the outside/public IP.

The relevant access lists are

access-list outside-acl extended permit tcp any host external-mailserver eq smtp

access-list dmz-acl extended permit tcp any host external-mailserver eq smtp

and a static NAT for our mail server

static (inside,outside) external-mailserver internal-mailserver netmask 255.255.255.255

I would think it's something obvious but who knows. I thought perhaps the return traffic that goes back out the 'outside' interface is not permitted to reach the dmz but I thought the access list would keep state, no?

Thanks for any help.

3 REPLIES

Re: NAT and DMZ question

Hi,

To allow DMZ users to access the internal server with its public IP you need:

static (outside,DMZ) external-mailserver internal-mailserver

Hope it helps.

Federico.

Re: NAT and DMZ question

Sorry the command above is incorrect.

The correct command is:

static (inside,DMZ) external-mailserver internal-mailserver

Federico.

Re: NAT and DMZ question

Thanks. Your second answer was correct, but when I marked it correct it seems to show first to me.
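
A simplified model of why the corrected command works, added here as an illustration (not code from the thread or from Cisco): a static entry only translates the public address for packets arriving on its mapped interface, so the (inside,outside) entry never matches traffic entering from the DMZ. The function names, the lookup model and the case-insensitive interface comparison are assumptions made for this sketch.

```python
import re

# Matches the PIX form used in the thread:
#   static (real_ifc,mapped_ifc) mapped_ip real_ip [netmask mask]
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+)(?: netmask \S+)?$")


def parse_statics(config):
    """Return {(mapped_ifc, mapped_ip): (real_ifc, real_ip)} from config text."""
    table = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            real_ifc, mapped_ifc, mapped_ip, real_ip = m.groups()
            # Assumption: interface names are compared case-insensitively here.
            table[(mapped_ifc.lower(), mapped_ip)] = (real_ifc.lower(), real_ip)
    return table


def untranslate(table, ingress_ifc, dst_ip):
    """Simplified lookup: a static applies only to packets that arrive on its
    mapped interface. Returns (egress_ifc, real_ip), or None if nothing matches."""
    return table.get((ingress_ifc.lower(), dst_ip))


# The static from the question, then the same config with the accepted fix added.
BEFORE = ("static (inside,outside) external-mailserver internal-mailserver "
          "netmask 255.255.255.255")
AFTER = BEFORE + "\nstatic (inside,DMZ) external-mailserver internal-mailserver"


def demo():
    """Resolve the public mail address from each interface, before and after."""
    results = {}
    for label, config in (("before", BEFORE), ("after", AFTER)):
        table = parse_statics(config)
        for ifc in ("outside", "dmz"):
            results[(label, ifc)] = untranslate(table, ifc, "external-mailserver")
    return results


if __name__ == "__main__":
    for (label, ifc), hit in demo().items():
        print(f"{label:6} from {ifc:7} -> {hit or 'no translation on this interface'}")
```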
