Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
373
Views
0
Helpful
3
Replies

nat rules

Go to solution
tolinrome tolinrome
Level 1
Level 1

‎01-06-2014 04:24 PM - edited ‎03-11-2019 08:25 PM

I have enabled access rules for certain hosts to permit icmp from the dmz to access the inside interface but it still wont work.

I was thinking no nat rules would be necessary, but are they? The security of the inside interface is a higher number than the dmz.

If I do need to create a nat rule what would it be? Version 9.x asa. Thanks.

I have enabled access rules for certain hosts to permit icmp from the dmz to access the inside interface but it still wont work.

I was thinking no nat rules would be necessary, but are they? The security of the inside interface is a higher number than the dmz.

If I do need to create a nat rule what would it be? Version 9.x asa. Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to tolinrome tolinrome

‎01-06-2014 06:43 PM

Hello,

If you nat the DMZ to Outside there is no requirement to Nat the DMZ o the Inside.

The question would be:

Would u like to access the DMZ hosts by using their Public IP address or the private one?

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎01-06-2014 04:54 PM

Hello,

You need :

  1. ACL on the DMZ interface allowing the traffic
  2. ICMP inspection (Fixup protocol ICMP)

As you said no nat needed

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
tolinrome tolinrome
Level 1
Level 1
In response to Julio Carvajal

‎01-06-2014 06:41 PM

What if those hosts on the dmz are being nated from the outside, still no nat needed?

outside>>dmz>>inside

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to tolinrome tolinrome

‎01-06-2014 06:43 PM

Hello,

If you nat the DMZ to Outside there is no requirement to Nat the DMZ o the Inside.

The question would be:

Would u like to access the DMZ hosts by using their Public IP address or the private one?

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card