
Policy Nat

Hi,

I want to configure my PIX firewall 7.x in such a way that when subnet 172.28.92.0 accesses the 172.28.35.28 server located in the DMZ, they access it as it is, but when the 172.28.72.0 subnet accesses the same server in the DMZ (172.28.35.28), they access it via IP 172.28.98.28.

That means I want to do a static translation of 172.28.35.28 into 172.28.98.28 only for the subnet 172.28.92.0.

All the remaining networks access it with the original IP 172.28.35.28 from the outside network.

Please tell me how to do the policy NAT/static.

I will be very grateful to you.

2 REPLIES

Re: Policy Nat

What I can understand from your posting is:

Outside subnet - 172.28.92.0/24

DMZ server ip - 172.28.25.28

When 172.28.92.0/24 accesses 172.28.35.28, it should be redirected to 172.28.98.28.

access-list PNAT-ACL permit ip host 172.28.35.28 172.28.92.0 255.255.255.0

static (DMZ,Outside) 172.28.98.28 access-list PNAT-ACL

Hope this helps.

Re: Policy Nat

Thanks for the reply.

I want the 172.28.35.28 server to be accessed by the 172.28.31.0 subnet as 172.28.98.28,

and for the 172.28.92.0 subnet it is available on the original IP.

Both user subnets are located on the inside interface of the firewall, and the server is located in the DMZ.

Right now this server is available for everyone on 172.28.98.28:

static (inside,edn) 172.28.98.28 172.28.35.28 netmask 255.255.255.255

But now a few applications in the 172.28.31.0 subnet are having problems; they want to access this server on the real IP.

That is the reason I want to translate this server only for 172.28.31.0 and also have it available as the original IP for the 172.28.92.0 subnet.
