
NAT question

global (GT/Bell) 1 interface
global (Allstream/SunGard) 1 interface

nat (dmz) 1 0.0.0.0 0.0.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,dmz) 10.69.0.0 10.69.0.0 netmask 255.255.0.0

access-list inside_nat0_outbound; 2 elements
access-list inside_nat0_outbound line 1 extended permit ip any 10.xx.x.x 255.255.0.0
access-list inside_nat0_outbound line 2 extended permit ip any 10xx.xx.x 255.255.240.0

My question is ...

If I want my DMZ to NOT NAT when going to my internal network of 10.xx.xx.xx 255.255.240.0

What do I need? What is above is what exists.

I have a bunch of ideas in my head about what I need but at the same time what I've tried isn't working so I need some advice.

Thanks,

BR

1 REPLY

Re: NAT question

Technically speaking you are NATing, but the firewall is NATing with the real IPs.

static (inside,dmz) 10.69.0.0 10.69.0.0 netmask 255.255.0.0

There's nothing wrong with doing this. If you really want to prevent NAT, create another ACL and prevent NAT on the interface, just like the one applied to the inside.

nat (dmz) 0 access-list no_nat
access-list no_nat extended permit ip [dmz subnet & mask] [internal subnet & mask]

Hope it helps.
