Another DMZ question, I'm afraid. I'm trying to achieve the following and any assistance would be great.
I want my Inside to be PAT'd to the Outside and DMZ. I also need my Inside to be able to access the DMZ via external (212*.*.0) as well as the internal (10.0.0.0) addresses. I can get the Inside connected to the DMZ / Outside via PAT and the static map works for Outside connections. When I add the line (below), it not only fails to work but it stops the Inside accessing the DMZ on 10.0.0.2 (via PAT).
In the first command you say the outside interface is associated with the 212.***** IP address; in the next command you say that it is associated to the inside interface. A single subnet cannot be associated to two different interfaces. That's my logic.
Thanks for your response. My understanding from the documentation was that traffic can't traverse between interfaces without a NAT. So every interface (Outside and Inside) which needs to have visibility of the address (212.*.*.2) needs a static NAT connecting them to the source IP. I think you're correct in that you couldn't associate a subnet with more than one interface, but these static NATs have a host mask. I believe this is a form of hairpinning.
…would present the Inside address of 10.0.0.2 to the DMZ as 10.0.0.2. I would have transposed the interfaces but I guess static NATs are bi-directional so it doesn't make any difference. I would have thought that the NAT to DMZ PAT would have taken care of this though.
global (DMZ) 1 interface
nat (Inside) 1 access-list Inside_nat_outbound
Should I remove my PAT and replace it with your suggested static NAT?