Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
NAT fron Internal to DMZ
- Thread starter mutsu31
- Start date
Create an object with the private DMZ address and then under the NAT tab put the global address in as a 'static' translation. This will create an automatic NAT rule that can be checked on the NAT tab of the rule base.
Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
- Thread starter
- #3
You shouldn't really allow anything in the DMZ to access the internal network. However, if you do want to then just create the appropriate access rules in the rule base. You don't have to NAT the traffic in that situation.
If your internal network is hiding behind a PAT address then you can't create an access rule to allow connections to be initiated to that network. If all the network is hiding behind one address then which internal machine would the connection be to? You could only allow an initial connection to something that has a static NAT.
Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
If your internal network is hiding behind a PAT address then you can't create an access rule to allow connections to be initiated to that network. If all the network is hiding behind one address then which internal machine would the connection be to? You could only allow an initial connection to something that has a static NAT.
Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
- Status
Similar threads
- Locked
- Question
- Locked
- Question