
dmz with nat0

sayeed
Level 1

Hello, I have a customer with a PIX 515 UR bundle, with a 4-port FE card and 4 DMZs.

He wants the dmz2 network to access everything on the inside network and vice versa. So I used the nat 0 command and access is working unrestricted both ways.

Is there a way to let these dmz2 users browse the internet, or is it not possible? I think for browsing I have to use nat, but there is Active Directory and file sharing to happen between these two networks; that is why I didn't use it.

In dmz1 I have used the nat command and users on dmz1 are browsing, but servers in dmz1 are not able to access Active Directory and Network Neighbourhood in the inside network.

Please advise on some articles that would help me configure this.

Regards,

Sayeed Alhajri.

1 Reply

mostiguy
Level 6

For DMZ 2, use nat 1 for everything, and a nat 0 access-list statement. Write an ACL for that nat 0 statement that would contain all traffic to the inside subnets. This will nat 1 everything that isn't going to the inside, which is what you seek.
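
The approach in the reply above, written out as PIX configuration. This is an added example, not part of the original thread: the subnets, the ACL name `dmz2_nonat` and the interface names are constructed, and the `global` line assumes NAT ID 1 is mapped to the outside interface, which the thread does not show.

```cisco
: Constructed addressing for illustration:
:   inside network  10.1.0.0/16
:   dmz2 network    192.168.2.0/24
: Interface names inside, dmz2 and outside are assumed.

: Match only dmz2 traffic destined for the inside subnet.
: Add one line per inside subnet if there are several.
access-list dmz2_nonat permit ip 192.168.2.0 255.255.255.0 10.1.0.0 255.255.0.0

: Exempt that traffic from translation, so Active Directory and
: file sharing see the real dmz2 addresses.
nat (dmz2) 0 access-list dmz2_nonat

: Everything else sourced from dmz2 falls through to NAT ID 1.
nat (dmz2) 1 192.168.2.0 255.255.255.0

: Assumed: NAT ID 1 is translated to the outside interface address (PAT).
: If a global for ID 1 already exists on outside, this line is not needed.
global (outside) 1 interface
```

The `nat 0` access list only decides which flows skip translation. Which dmz2 hosts may open connections to the inside network is still governed by the access list bound to the dmz2 interface with `access-group`, so keep that list as narrow as the Active Directory and file-sharing traffic allows.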
