Cisco Support Community

Nat from Outside (VPN POOL) to DMZ

I have a situation where I need to NAT from our VPN pool to a specific address on a DMZ interface and use PAT to the DMZ interface IP.

Here is what I came up with, but it does not work:

ip local pool vpnpool mask

access-list vpnnatdmz permit ip host

access-list nonatdmz permit ip host

access-list nonatdmz permit ip host

nat (dmz) 0 access-list nonatdmz

nat (outside) 5 access-list vpnnatdmz outside

global (dmz) 5 interface

So that when a vpn client accesses on the dmz interface, it should be translated to the IP of the dmz interface.

I get the following error when I try to access that ip through the vpn client:

No translation group found for tcp src outside: dst dmz:

Any suggestion on how to do this would be great. I have this scenario working from the inside interface to the DMZ, but cannot get it to work from the outside to the DMZ.




Re: Nat from Outside (VPN POOL) to DMZ

If I am not wrong, the following statement is wrong:

nat (outside) 5 access-list vpnnatdmz outside

There should be no " outside" mentioned at the end of the nat statement.

It should only be

nat (outside) 5 access-list vpnnatdmz

--Pls rate if useful--