Need nat 0 explanation

I have installed a PIX-515 with 3 interfaces. Inside users can access the outside and the dmz. The IPs assigned to the interfaces are:

Outside: 203.115.208.1 subnet mask 255.255.255.240

Dmz: 203.115.211.1 subnet mask 255.255.255.0

Inside: 10.0.0.1 subnet mask 255.255.255.0

The web server (203.115.211.10/24) and mail server (203.115.211.11/24) use valid internet ip addresses.

The question is: how do I go about configuring nat 0 for the web and mail servers?

Re: Need nat 0 explanation

The NAT 0 command is mainly for outbound access. You can use "nat 0 (interface) access-list " to accomplish what you wish, but I would suggest just using static statements. In your case, they would read:

static (dmz, outside) 203.115.211.10 203.115.211.10 netmask 255.255.255.255

static (dmz, outside) 203.115.211.11 203.115.211.11 netmask 255.255.255.255

The above statements create static translations from the dmz to the outside for those two hosts. The addresses will not be translated because the address on the dmz is the same as the one we specified on the outside.

Don't forget to add an access-list to the outside interface to permit access to those servers.

Hope that helps,

David.
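
The reply's two static statements together with the outside access-list it reminds you to add, as an added example that is not part of the original reply. The ACL name acl_outside and the choice of services (HTTP to the web server, SMTP to the mail server) are assumptions; the addresses come from the question.

```cisco
: Identity statics: each DMZ host appears on the outside under its own address
static (dmz,outside) 203.115.211.10 203.115.211.10 netmask 255.255.255.255
static (dmz,outside) 203.115.211.11 203.115.211.11 netmask 255.255.255.255

: Assumed ACL name; permit only the service each server is meant to offer
access-list acl_outside permit tcp any host 203.115.211.10 eq www
access-list acl_outside permit tcp any host 203.115.211.11 eq smtp

: Bind the ACL to inbound traffic on the outside interface
access-group acl_outside in interface outside
```

Anything not matched by a permit line is dropped by the implicit deny at the end of the access-list, so each server is reachable from the outside only on the listed port.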
