
New Member

NATing for DMZ to inside

Hello,

I want to know about applying NAT from DMZ to intranet, where the security levels are 50 and 90 respectively.

Now how can I do NAT for this condition?

6 REPLIES

Re: NATing for DMZ to inside

The easiest way is to NAT the entire subnet to the destination network (kinda makes it look like routing).

static (inside,dmz) 192.168.5.0 192.168.5.0 netmask 255.255.255.0

The inside network is 192.168.5.0.

Hope that helps.

New Member

Re: NATing for DMZ to inside

OK, this is good.

But tell me, I have to redirect a port also.

Re: NATing for DMZ to inside

You can redirect a port with a more specific NAT.

static (inside,dmz) tcp 192.168.5.15 80 192.168.5.15 8080 netmask 255.255.255.255

This would translate port 80 to port 8080.

New Member

Re: NATing for DMZ to inside

Yes, this is very helpful. Now tell me, I have the same scenario which you told me,

but I want NAT from DMZ to outside and from DMZ to the intranet zone for the same application, and the port is like 8080 to 80.

So what NAT do I give so my application can run?

I gave both NAT statements but it's not working.

static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 255.255.255.255

static (dmz,intranet) tcp 10.10.10.10 8080 192.168.1.2 255.255.255.255

Now tell me, what more commands do I give?

Re: NATing for DMZ to inside

You should have got errors when entering those commands.

static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 80 255.255.255.255

I don't understand the intranet to DMZ. If you're going from intranet to DMZ, you don't need a static because of the security level of the interfaces.

New Member

Re: NATing for DMZ to inside

I think your NAT entries should be like this:

static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 80 netmask 255.255.255.255

static (dmz,intranet) tcp 10.10.10.10 8080 192.168.1.2 80 netmask 255.255.255.255

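An added example, not part of any reply in this thread: a small Python lint that checks the static PAT commands posted above for field order and a missing port or `netmask` keyword before they are pasted into the firewall. The grammar it checks is the PIX / pre-8.3 ASA form, stated here as an assumption, and the name `lint_static_pat` is hypothetical.

```python
import ipaddress
import re

# Assumed grammar (PIX / pre-8.3 ASA static PAT):
#   static (real_if,mapped_if) {tcp|udp} mapped_ip mapped_port real_ip real_port [netmask mask]
HEAD = re.compile(r"^static\s+\((\w+),(\w+)\)\s+(tcp|udp)\s+(.*)$", re.I)

def _is_ip(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def _is_port(tok):
    return tok.isdigit() and 0 < int(tok) < 65536

def _is_mapped_ip(tok):
    # The mapped address may also be the keyword "interface".
    return tok.lower() == "interface" or _is_ip(tok)

FIELDS = [("mapped_ip", _is_mapped_ip), ("mapped_port", _is_port),
          ("real_ip", _is_ip), ("real_port", _is_port)]

def lint_static_pat(line):
    """Return (fields, problems) for one static PAT command."""
    m = HEAD.match(line.strip())
    if not m:
        return None, ["not a 'static (real_if,mapped_if) tcp|udp ...' command"]
    real_if, mapped_if, proto, rest = m.groups()
    toks = rest.split()
    fields = {"real_if": real_if, "mapped_if": mapped_if, "proto": proto.lower()}
    problems = []
    for i, (name, ok) in enumerate(FIELDS):
        if i >= len(toks):
            problems.append(f"missing {name}")
        elif not ok(toks[i]):
            problems.append(f"{name}: unexpected token {toks[i]!r}")
        else:
            fields[name] = toks[i]
    tail = toks[4:]
    if tail and (len(tail) != 2 or tail[0].lower() != "netmask" or not _is_ip(tail[1])):
        problems.append(f"trailing tokens {tail!r}: expected 'netmask <mask>'")
    return fields, problems

if __name__ == "__main__":
    # Commands copied from the thread above.
    for cmd in ("static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 255.255.255.255",
                "static (dmz,outside) tcp 220.25.123.124 8080 192.168.1.2 80 netmask 255.255.255.255"):
        print(cmd, "->", lint_static_pat(cmd)[1] or "ok")
```

The returned `fields` dictionary also makes the direction explicit: `mapped_port` is what clients on the mapped interface connect to, and `real_port` is where the host on the real interface listens.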