nat rules

I have enabled access rules for certain hosts to permit ICMP from the DMZ to access the inside interface, but it still won't work.

I was thinking no NAT rules would be necessary, but are they? The security of the inside interface is a higher number than the DMZ.

If I do need to create a NAT rule, what would it be? Version 9.x ASA. Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions

nat rules

Hello,

If you NAT the DMZ to Outside, there is no requirement to NAT the DMZ to the Inside.

The question would be:

Would you like to access the DMZ hosts by using their public IP address or the private one?

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
3 REPLIES

nat rules

Hello,

You need:

  1. ACL on the DMZ interface allowing the traffic
  2. ICMP inspection (Fixup protocol ICMP)

As you said, no NAT needed.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
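
The two steps from the reply above written out as an ASA 9.x configuration, added here as an illustration and not posted by anyone in the thread. The interface name `dmz`, the ACL name `DMZ_IN` and both host addresses are assumptions.

```cisco
! Assumed values (not from the thread): interface nameif "dmz",
! DMZ host 192.168.50.10, inside host 10.1.1.20, ACL name DMZ_IN.

! 1. ACL on the DMZ interface: permit only echo requests from the
!    specific DMZ host to the specific inside host (real, un-NATed IPs).
access-list DMZ_IN extended permit icmp host 192.168.50.10 host 10.1.1.20 echo
access-group DMZ_IN in interface dmz

! 2. ICMP inspection in the default global policy, so echo replies are
!    matched to their request statefully and need no return ACL entry.
policy-map global_policy
 class inspection_default
  inspect icmp

! Check the path without sending real traffic
! (ICMP type 8, code 0 = echo request).
packet-tracer input dmz icmp 192.168.50.10 8 0 10.1.1.20
```

Once an ACL is bound to the DMZ interface, its implicit deny replaces the default permit from the DMZ to lower-security interfaces, so any other DMZ traffic that should still pass needs its own entries.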

nat rules

What if those hosts on the DMZ are being NATed from the outside, still no NAT needed?

outside>>dmz>>inside
