Re: ASA 5505 NAT/PAT static Question
- From: Morph <morph.news@xxxxxxxxx>
- Date: Sun, 08 Feb 2009 02:22:10 +0100
In the message <498dcdfc$0$146$fb624d75@xxxxxxxxxxxxxxxxxxx> Colin Cant
wrote:
| Hi NG,
|
| i got following problem to solve:
|
| I got one single public ip address where by i PAT all my internal
| 192.168.X.Y networks.
| I got one DMZ interface using 192.168.2.X.
| I got internal hosts as example 192.168.3.X.
|
| now with the following config, my hosts from the internal network as well as
| the dmz hosts can get out to 0.0.0.0 without a problem.
|
| My current problem is, that i cannot connect from my internal 192.168.3.X
| network via my outside PAT address on to services with are hostet in the DMZ
| (192.168.2.X)
| what is the correct "static" config for connecting from inside via PAT
| address into my DMZ ?
|
| global (outside) 1 interface
| nat (inside) 0 access-list inside_nat0_outbound
| nat (inside) 1 0.0.0.0 0.0.0.0
| nat (dmz) 1 192.168.2.0 255.255.255.0
| static (dmz,outside) tcp interface www 192.168.2.XX www netmask
| 255.255.255.255 <-- DMZ Host
Why don't you connect to the DMZ address instead of the public address?
If it is because you don't have an inside DNS server and the dns name is
resolved to the public address then you can sort this out using dns
doctoring:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml
.
- Follow-Ups:
- Re: ASA 5505 NAT/PAT static Question
- From: Colin Cant
- Re: ASA 5505 NAT/PAT static Question
- References:
- ASA 5505 NAT/PAT static Question
- From: Colin Cant
- ASA 5505 NAT/PAT static Question
- Prev by Date: Re: ASA 5505 NAT/PAT static Question
- Next by Date: Csico 3640 => MTU/ISIS/MPLS
- Previous by thread: Re: ASA 5505 NAT/PAT static Question
- Next by thread: Re: ASA 5505 NAT/PAT static Question
- Index(es):
Relevant Pages
|
