07-24-2006 10:35 PM - edited 02-21-2020 01:04 AM
Probably been asked before, but...
I have a 515 with 6.3 software. Three interfaces. I need to allow traffic from the DMZ to a single host on the internal network. Destination address should not be NATted, source network should (source traffic comes in via ISDN and is a non routed subnet).
Is this possible at all? I've tried playing around with a static:
static (inside,dmz) <inside address> <inside address/mask>
This should not hide the inside address, but does not fix my source NAT problem. Nat and Global do not work because I have to go from lower to higher security level.
I can't figure this out...
07-25-2006 04:25 AM
The static you have will work for your destination. Are you trying to NAT the host on the DMZ when it goes to the inside?
Here is the excerpt from the command reference.
nat outside (Outside NAT)
The nat outside option lets you enable or disable outside NAT, which translates the source address of a connection coming from a lower security interface to higher interface. This feature is also called bidirectional NAT.
If you enable outside dynamic NAT on an interface, then you must configure explicit NAT policy for all hosts on the interface that need to initiate connections to inside networks. If you want to translate some hosts, but not others, then use identity NAT or NAT exemption (nat 0 or nat 0 access-list) to disable address translation for these additional hosts.
HTH
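A sketch of how the identity static and outside NAT fit together on PIX 6.3, added here as an illustration and not part of either post. All addresses, the NAT ID and the ACL name dmz_in are constructed placeholders; the interface names inside and dmz come from the question.

```cisco
! Constructed example values (assumptions, not from the thread):
!   inside host          10.1.1.10
!   non-routed ISDN net  192.168.50.0/24 arriving on the dmz interface
!   translated source    10.1.1.250 (a free address on the inside subnet)

! 1. Identity static: the inside host stays reachable from the dmz
!    under its real address, so the destination is not translated.
static (inside,dmz) 10.1.1.10 10.1.1.10 netmask 255.255.255.255

! 2. Outside NAT: translate the source of connections that enter on the
!    lower-security dmz interface and go to the inside.
nat (dmz) 1 192.168.50.0 255.255.255.0 outside
global (inside) 1 10.1.1.250

! 3. Lower-to-higher traffic still needs an explicit permit. Scope it to
!    the one inside host instead of the whole inside network.
access-list dmz_in permit ip 192.168.50.0 255.255.255.0 host 10.1.1.10
access-group dmz_in in interface dmz

! 4. Per the command reference excerpt above: once outside dynamic NAT is
!    enabled on dmz, every other dmz host that must initiate connections
!    to the inside needs its own NAT policy, for example identity NAT or
!    NAT exemption (nat 0 / nat 0 access-list).

! Verification after the ISDN side opens a connection:
!   show xlate         -> expect a 192.168.50.x to 10.1.1.250 translation
!   show access-list   -> expect the hit count on dmz_in to increase
```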
07-25-2006 05:25 AM
Thanks, 10 minutes ago I found the same thing on CCO, outside NAT. Gonna try!