New Member

NAT between inside and dmz

Hi

We have a core switch in our network connected to an ASA.

On the switch we have VLANs:

vlan 20 inside   ip address 172.20.20.0

vlan 30 dmz     ip address 172.30.30.0

interface vlan 20

ip address 172.20.20.254

interface vlan 30

ip address 172.30.30.254

ip route 0.0.0.0 0.0.0.0 172.20.20.1

on ASA:

int g0/0

nameif inside

ip add 172.20.20.1

int g0/1

nameif dmz

ip add 172.30.30.1

We want traffic between inside and dmz to pass through the ASA.

On servers in the dmz, the gateway is 172.30.30.1, the IP address of the ASA.

On inside VLAN PCs, the gateway is 172.20.20.254, the IP address of the core.

we did

static ( inside,dmz) 172.20.20.0 172.20.20.0 netmask 255.255.255.0

Then we tried

static (dmz,inside) 172.20.20.0 172.30.30.0 netmask 255.255.255.0

but it didn't help

Please advise how to configure and pass traffic between inside and dmz through the ASA.

9 REPLIES

NAT between inside and dmz

Is there a specific reason that you want traffic to be NAT'd from the inside to the DMZ? Is this because of security reasons or do you have nat control enabled?

NAT between inside and dmz

Try this: static (inside,dmz) 172.20.0.0 172.20.0.0 netmask 255.255.0.0

thanks

Rizwan Rafeek

New Member

NAT between inside and dmz

Hi,

John TylerPearce: We do this for security reasons. We are doing NAT for the internet also, and it's working. Do we need to enable NAT control?

rizwanr74: I'll try

Bronze

NAT between inside and dmz

You have some typos in your mappings

static ( inside,dmz) 172.20.20.0 172.20.20.0 netmask 255.255.255.0

should be

static ( inside,dmz) 172.20.20.0 172.30.30.0 netmask 255.255.255.0

New Member

NAT between inside and dmz

Eugen Barticel: But in books they write that it should be the same subnet, I mean the inside subnet.

Bronze

NAT between inside and dmz

Sorry my mistake...

Check an example of configuration here, they don't use the same network for both inside and dmz

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_static.html

Hope this helps

Eugen

New Member

NAT between inside and dmz

Eugen Thanks,

but in this example there are overlapping networks on inside and dmz, which is not our situation.

Bronze

NAT between inside and dmz

This statement is above the topology diagram and is not related to the overlapping described after the topology:

"The following command statically maps an entire subnet:

 hostname(config)# static (inside,dmz) 10.1.1.0 10.1.2.0 netmask 255.255.255.0 "

I had a look at that statement when I posted that you may have a typo in the configuration. I hope that you will find the solution.

All the best

Eugen

New Member

NAT between inside and dmz

Hi,

I found the problem. I deleted the interface vlan 30 on the core switch; after that, static ( inside,dmz) 172.20.20.0 172.20.20.0 netmask 255.255.255.0 worked.

Thanks, everyone, for the help.
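
Why deleting the core switch's VLAN 30 interface resolved this, as an added example (not part of the thread or any poster's code): the sketch below traces hop-by-hop forwarding using the addresses and gateways from the original post, and shows that with the SVI present the core routes inside-to-dmz traffic itself, so the ASA sees only the return direction of each flow. The host addresses 172.20.20.10 and 172.30.30.10 are constructed, and /24 masks are assumed for every interface.

```python
import ipaddress

# Constructed host addresses (not from the thread); /24 masks are assumed.
PC_IP, SERVER_IP = "172.20.20.10", "172.30.30.10"

def build_tables(core_has_dmz_svi):
    """Routing table per device: (prefix, next hop); None means directly connected."""
    core = [("172.20.20.0/24", None), ("0.0.0.0/0", "asa")]   # ip route 0.0.0.0 0.0.0.0 172.20.20.1
    if core_has_dmz_svi:
        core.append(("172.30.30.0/24", None))                  # interface vlan 30
    return {
        "pc":     [("172.20.20.0/24", None), ("0.0.0.0/0", "core")],  # gateway 172.20.20.254
        "server": [("172.30.30.0/24", None), ("0.0.0.0/0", "asa")],   # gateway 172.30.30.1
        "core":   core,
        "asa":    [("172.20.20.0/24", None), ("172.30.30.0/24", None)],
    }

def path(tables, src, dst, dst_ip):
    """Follow longest-prefix-match forwarding hop by hop from src to dst."""
    addr, hops, node = ipaddress.ip_address(dst_ip), [src], src
    while node != dst and len(hops) < 8:                       # hop limit guards against loops
        matches = [(ipaddress.ip_network(p), nh) for p, nh in tables[node]
                   if addr in ipaddress.ip_network(p)]
        _, next_hop = max(matches, key=lambda m: m[0].prefixlen)
        node = dst if next_hop is None else next_hop           # connected: deliver on-link
        hops.append(node)
    return hops

def flow_paths(core_has_dmz_svi):
    """Return (pc -> server path, server -> pc path) for the given core config."""
    t = build_tables(core_has_dmz_svi)
    return path(t, "pc", "server", SERVER_IP), path(t, "server", "pc", PC_IP)

def asa_sees_both_directions(core_has_dmz_svi):
    """A stateful firewall needs both directions of a flow to track the connection."""
    forward, reverse = flow_paths(core_has_dmz_svi)
    return "asa" in forward and "asa" in reverse

if __name__ == "__main__":
    for svi in (True, False):
        fwd, rev = flow_paths(svi)
        print(f"core vlan 30 SVI={svi}: {' -> '.join(fwd)} | {' -> '.join(rev)} | "
              f"ASA sees both directions: {asa_sees_both_directions(svi)}")
```

When reviewing a segmentation design like this one, check that no Layer 3 device other than the firewall has an interface in both the inside and dmz subnets; otherwise traffic can bypass the firewall policy in one direction.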
