01-10-2007 02:40 AM
Hi guys,
I have 4 networks with varying security levels. Internal, DMZ1, DMZ2 and External.
I want NAT to only hide the Internal, DMZ1 and DMZ2 networks when they connect to the internet via the external interface. When the networks talk to one another there should be no NAT.
Anyone got a sample config? All the examples I've found don't really do what I need.
Thanks all
01-10-2007 03:34 AM
You can do NAT exception with the NAT 0 command.
Let's say you have the following networks:
Inside 192.168.1.0
DMZ1 192.168.2.0
DMZ2 192.168.3.0
and you don't want NAT between Inside and the DMZs:
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (inside) 0 access-list 101
M.
01-10-2007 09:55 AM
You can also do this:
nat (inside) 1 0 0
nat (dmz1) 1 0 0
nat (dmz2) 1 0 0
global (outside) 1 interface
static (inside,dmz1) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (dmz1,dmz2) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
static (inside,dmz2) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
Add appropriate ACLs for traffic.
**assumes that security levels are inside, dmz1, dmz2, outside highest to lowest**
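
Added example, not part of any reply in this thread: one complete configuration that applies the NAT 0 approach to all three internal networks and adds the PAT rule for internet-bound traffic, in the same pre-8.3 PIX/ASA syntax the replies use. The /24 subnets come from the first reply; the interface names dmz1 and dmz2 and the access-list names are assumptions.

```cisco
! Constructed example. Subnets from the thread; ACL names are hypothetical.
!
! 1) Hide all three internal networks behind the outside interface address (PAT).
nat (inside) 1 192.168.1.0 255.255.255.0
nat (dmz1) 1 192.168.2.0 255.255.255.0
nat (dmz2) 1 192.168.3.0 255.255.255.0
global (outside) 1 interface
!
! 2) NAT exemption between the internal networks. "nat 0 access-list" is
!    evaluated before the PAT rules above, so matching traffic keeps its
!    real addresses.
access-list NONAT-INSIDE permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NONAT-INSIDE permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (inside) 0 access-list NONAT-INSIDE
!
access-list NONAT-DMZ1 permit ip 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (dmz1) 0 access-list NONAT-DMZ1
!
! 3) Exemption only removes translation; it does not permit traffic.
!    Connections from a lower to a higher security level still need an
!    access-list applied to the interface with access-group.
!    Keep the exemption ACLs limited to the internal subnets: a broader
!    entry such as "permit ip any any" would also exempt internet-bound
!    traffic from PAT and expose the real addresses.
```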