New Member

Static Nat and Route-map.


My network has got DMZ( and LAN( segments.

I want to do static nat one of the DMZ server to LAN address

And also want to alow the DMZ server to to be access from Internet.

I have VPN setup between LAN and (H.0).

So after the doing the static NAT of DMZ server( to LAN address( is it possible to access the DMZ server from H.O thru VPN?


interface FastEthernet0/0

description Interface Inside$FW_INSIDE$

ip address


interface FastEthernet0/1

description Interface Outside$FW_OUTSIDE$

ip address A.B.C.2


interface Vlan1

description Interface DMZ$FW_DMZ$

ip address


ip nat pool pool-1 A.B.C.30 A.B.C.31 netmask

ip nat inside source route-map SDM_RMAP_1 pool pool-1 overload

ip nat inside source static A.B.C.24 route-map SDM_RMAP_1 extendable no-alias

ip nat inside source static route-map VPN-DMZ-LAN extendable no-alias


route-map SDM_RMAP_1 permit 1

match ip address 104


route-map VPN-DMZ-LAN permit 1

match ip address 115


#show access-list 104

Extended IP access list 104

10 deny ip

20 deny ip <<<===Is this statement required?

30 permit ip any

40 permit ip any


#show access-list 115

Extended IP access list 115

10 permit ip



Re: Static Nat and Route-map.


Need some clarity about the interesting traffic which you have mentioned up for encryption .

Also the ip being used by the HO to access the remote site.. are they going to access or ?


New Member

Re: Static Nat and Route-map.


HO will access the server( in DMZ with IP address, as the VPN is between and

