Community Member

static nat problem

I want to do policy NAT. See the attachment for the network diagram. Users from the 192.168.1.0 subnet want to access the application server on the 172.28.98.28 IP address, and users on the 172.28.92.0 subnet want to access this application server on 172.28.33.28, which is the original IP address.

The server is located on the inside interface and the user subnets are located on a lower security level.

Right now users are accessing it with the following configuration:

static (inside,edn) 172.28.98.28 172.28.35.28 netmask 255.255.255.255

4 REPLIES

Re: static nat problem

access-list NET1 permit ip host 172.28.33.28 192.168.1.0 255.255.255.0

access-list NET2 permit ip host 172.28.33.28 172.28.92.0 255.255.255.0

static (inside,outside) 172.28.98.28 access-list NET1

static (inside,outside) 172.28.33.28 access-list NET2

Community Member

Re: static nat problem

I applied the following configuration.

access-list NET1 permit ip host 172.28.35.28 host 172.28.92.54

access-list NET2 permit ip host 172.28.35.28 host 172.28.92.72

static (inside,edn) 172.28.98.28 access-list NET1

static (inside,edn) 172.28.35.28 access-list NET2

But now both users, as mentioned in the below configuration, are able to access the same application with the 35 and 98 IP addresses. How can I restrict only one user to access this IP with only one IP address?

I don't want 92.54 users to access this application with both IP addresses.

Re: static nat problem

Show the configuration.

Re: static nat problem

Use an access-list on the edn interface.
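An added example, not part of any reply in the thread: a small first-match evaluator for an inbound ACL on the edn interface, showing which client/address pairs such an ACL would pass. The ACL name `EDN_IN` and the client-to-address pairing (taken from NET1/NET2 in the second post) are assumptions.

```python
import ipaddress

# Constructed ACL, not posted by any participant. With the static (...) syntax
# used in the thread, an interface ACL is written against the mapped address.
EDN_IN = """\
access-list EDN_IN extended permit ip host 172.28.92.54 host 172.28.98.28
access-list EDN_IN extended permit ip host 172.28.92.72 host 172.28.35.28
access-group EDN_IN in interface edn
"""

def _addr(tokens):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{tok}/{tokens.pop(0)}")

def parse_acl(text, name):
    """Return ordered (action, src_net, dst_net) rules for the named ACL."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if t[:2] != ["access-list", name]:
            continue  # skips access-group and unrelated lines
        t = t[2:]
        if t[0] == "extended":
            t.pop(0)
        action, proto = t.pop(0), t.pop(0)
        if proto != "ip":
            raise ValueError(f"only 'ip' rules are handled here: {line}")
        rules.append((action, _addr(t), _addr(t)))
    return rules

def evaluate(rules, src, dst):
    """First matching rule wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def access_matrix(rules):
    clients = ["172.28.92.54", "172.28.92.72"]
    servers = ["172.28.98.28", "172.28.35.28"]
    return {(c, s): evaluate(rules, c, s) for c in clients for s in servers}

if __name__ == "__main__":
    for pair, verdict in access_matrix(parse_acl(EDN_IN, "EDN_IN")).items():
        print(pair, verdict)
```
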
