Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Accessing DMZ sever by public and private address

I have a server sat on a DMZ with a real address of and a public address of

I wish to access it by its public address from the outside and by EITHER its public or private address from the inside.

I have a static nat set up as follows:

static (dmz,outside) netmask

This gives me access from the outside.

I have also set up a static as follows:

static (dmz,inside) netmask

I can access the device from the inside on the public address, but not on the private address.

Has anyone implemented this scenario successfully.




Re: Accessing DMZ sever by public and private address

Allowing access from outside to DMZ via a statically nat public ip is correct. But to allow inside host talking to DMZ via public IP is not possible.

This is because the public IP is a logical mapping by PIX for external/internet users talking to the DMZ. Logically, they are on the same outside/public segment.

For inside to DMZ access, you have to use DMZ's IP address to access it, which is

The most you can do is to use nat/dmz pair:

nat (inside) 1

global (dmz) 1

This allows 192.168.1.x hosts to talk to the server.

Or simply use static mapping between inside & dmz segment (and use ACL if you need to restrict more, or add icmp for testing):

static (inside,dmz) netmask



New Member

Re: Accessing DMZ sever by public and private address

Thanks for the reply but I have already managed to get internal users communicating from the Inside by using the Public address.

This was achieved using the configuration described in my original posting.

This is working fine - the issue I have is trying to get users to be able to access the device using its Private address as well as its Public address.

I don't even know if this is possible.

CreatePlease login to create content