Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
219
Views
0
Helpful
2
Replies

Static Nat and Route-map.

examples20001
Level 1
Level 1

‎02-07-2006 05:19 PM - edited ‎03-03-2019 11:41 AM

Hi,

My network has got DMZ(192.168.0.0/24) and LAN(172.29.8.0/24) segments.

I want to do static nat one of the DMZ server 192.168.0.10 to LAN address 172.29.8.180.

And also want to alow the DMZ server to to be access from Internet.

I have VPN setup between LAN 172.29.8.0/24 and 172.29.150.0/24 (H.0).

So after the doing the static NAT of DMZ server(192.168.0.10) to LAN address(172.29.8.180) is it possible to access the DMZ server from H.O thru VPN?

!

interface FastEthernet0/0

description Interface Inside$FW_INSIDE$

ip address 172.29.8.100 255.255.255.0

!

interface FastEthernet0/1

description Interface Outside$FW_OUTSIDE$

ip address A.B.C.2 255.255.255.0

!

interface Vlan1

description Interface DMZ$FW_DMZ$

ip address 192.168.0.1 255.255.255.0

!

ip nat pool pool-1 A.B.C.30 A.B.C.31 netmask 255.255.255.0

ip nat inside source route-map SDM_RMAP_1 pool pool-1 overload

ip nat inside source static 192.168.0.10 A.B.C.24 route-map SDM_RMAP_1 extendable no-alias

ip nat inside source static 192.168.0.10 172.29.8.180 route-map VPN-DMZ-LAN extendable no-alias

!

route-map SDM_RMAP_1 permit 1

match ip address 104

!

route-map VPN-DMZ-LAN permit 1

match ip address 115

!

#show access-list 104

Extended IP access list 104

10 deny ip 172.29.8.0 0.0.0.255 172.29.150.0 0.0.0.255

20 deny ip 192.168.0.0 0.0.0.255 172.29.150.0 0.0.0.255 <<<===Is this statement required?

30 permit ip 192.168.0.0 0.0.0.255 any

40 permit ip 172.29.8.0 0.0.0.255 any

#

#show access-list 115

Extended IP access list 115

10 permit ip 172.29.8.0 0.0.0.255 172.29.150.0 0.0.0.255

#

Labels:
0 Helpful
2 Replies 2

spremkumar
Level 9
Level 9

‎02-14-2006 02:07 AM

Hi

Need some clarity about the interesting traffic which you have mentioned up for encryption .

Also the ip being used by the HO to access the remote site.. are they going to access 192.168.0.10 or 172.29.8.180 ?

regds.

0 Helpful

examples20001
Level 1
Level 1
In response to spremkumar

‎02-14-2006 02:28 AM

Hi,

HO will access the server(192.168.0.10) in DMZ with IP address 172.29.8.180, as the VPN is between 172.29.150.0/24(HO) and 172.29.8.0/24(BO).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card