
dmz with nat0

Hello, I have a customer with a PIX 515 UR bundle, having a 4-port FE card with 4 DMZs.

He wants the dmz2 network to access everything on the inside network and vice versa. So I used the nat 0 command and access both ways is working unrestricted.

Is there a way to make these dmz2 users browse the internet, or is it not possible? I think for browsing I have to use nat, but there is Active Directory and file sharing to happen between these two networks, which is why I didn't use it.

In dmz1 I have used the nat command and users on dmz1 are browsing, but servers in dmz1 are not able to access Active Directory and Network Neighbourhood in the inside network.

Please advise on some articles that would help me configure this.


Sayeed Alhajri.


Re: dmz with nat0

For DMZ 2, use nat 1 for everything, and a nat 0 access-list statement. Write an ACL for that nat 0 statement that would contain all traffic to the inside subnets. This will nat 1 everything that isn't going to the inside, which is what you seek.
