06-23-2003 07:17 AM - edited 03-09-2019 03:46 AM
I have a 10.x.x.x network on the inside interface (100). I have a semi-rogue network being hooked up to ethernet6 (90), which is going to be 10.y.y.y. I would like the 10.y.y.y network to be able to see all the servers on the inside with the original 10.x.x.x addresses. Is this possible? If so, how?
06-23-2003 11:40 AM
Yup.
You probably have a nat 1 statement for all traffic from that interface. What you want to add is a nat 0 access-list statement that selectively excludes traffic from NAT. If 1.2.3.0/24 was the netblock used on e6, then this is basically what you would want to do:
access-list 106 permit ip 10.x.x.x 255.0.0.0 1.2.3.0 255.255.255.0
nat (inside) 0 access-list 106
This would stop 10.0.0.0/8 from natting traffic only when the destination is 1.2.3.0/24.
06-23-2003 02:53 PM
Yes,
Just create a static statement using the same IP for the low-sec and high-sec interfaces:
static (inside,dmz) 10.x.x.x 10.x.x.x netmask 255.0.0.0
access-list ondmz permit ip 10.y.y.y 255.0.0.0 10.x.x.x 255.0.0.0
access-group ondmz in interface dmz
I wrote it roughly; check the syntax to be sure.
Ben