Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Static NAT Question

I am building a connection from DMZ to inside and need to translate the real address to a hidden address so that users on DMZ LAN can access resources on inside connected LAN by the hidden address. This is the static that I built, I am not sure that it is working. Can someone double check, please.

static (inside,dmz1) 192.168.34.10 170.254.34.10 netmask 255.255.255.255

192.168.34.10 is the bogus address and 170.254.34.10 is the address for the server on inside interface.

5 REPLIES

Re: Static NAT Question

Your static is correct , say for sake of example you permit RDP tcp traffic to 192.168.34.10 from DMZ host whose ip is 192.168.34.200.

e.g

static (inside,DMZ1) 192.168.34.10 170.254.34.10 netmask 255.255.255.255

access-list DMZ1_access_in permit tcp host 192.168.34.200 host 192.168.34.10 eq 3389

access-group DMZ1_access_in interface DMZ1

Rgds

Jorge

New Member

Re: Static NAT Question

Thank you for your reply. This is working now.

Cisco Employee

Re: Static NAT Question

static (inside,dmz1) 192.168.34.10 170.254.34.10, well make sure 192.168.34.10 is the free ip from the pool on DMZ

also add access-l permit icmp any any

and try to ping and see what you get in debug icmp trace ?

Re: Static NAT Question

My above reply has been tested in a working LAB environment and fully functional using original poster IP scheme, please wait until original poster replies with results before moving into debuging processies etc..

Jorge

New Member

Re: Static NAT Question

Thanks a lot for your help.

118
Views
10
Helpful
5
Replies