Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT Question

My outside interface is 209.52.60.xx and my LAN (inside) is 192.168.0.0/16 and my DMZ (DMZ) is 172.25.10.0/24. I have nat working find for the inside interface, LAN uers can browse the internet with no issues. Futher I have port translation working for the inside network for some servers. In the DMZ I have port translation working for the Web server but the web server can't browse the internet. Nating does not work for the web server to browse the internet. I would really appreciate if someone can help me with this. I am stuppmed as what I am doing wrong.

here is the config

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

nat (dmz) 1 172.25.10.0 255.255.255.0

Note: Inside network can browse the internet and port translation works

DMZ port translation works but unbale to browse the internet for host inside the DMZ.

Thank you all in advance.

4 REPLIES

Re: NAT Question

Hello Koshala

Isnt that the webserver should be accessed from outside ? In that case, you need to give a static , instead of doing a global PAT..

static (DMZ,outside) 209.x.x.x 172.25.10.2

doing this will enable both inbound and outbound access from/to internet..

If u just want outbound access, create a seperate global (outside) instance and it should then work fine..

Hope this helps.. all the best..

Raj

New Member

Re: NAT Question

Sorry the static command was entered previously. That is why users can browse the web server from outside. I can browse the internet from the DMZ.

static (dmz,outside) 209.52.x.x 172.25.10.100 netmask 255.255.255.255

Re: NAT Question

so, ur issue is solved now ?

Raj

New Member

Re: NAT Question

Hi,

Please check if you have assigned any access-list to your dmz interface, if yes permit your websever(172.25.10.100) to access internet

Regards

Jithesh

103
Views
0
Helpful
4
Replies
CreatePlease to create content