From: buesink@fma.nl
Date: Tue Aug 23 2005 - 05:28:36 GMT-3
Hi Guys,
Now I also have the configs...
Question :
Why can't I reach SRV-1-WEB031 from the DMZ-2 on it's OUTSIDE configured address (191.12.112.14). From the outside I can reach the server by this address. I can reach the server from the DMZ-2 on it's REAL address 172.16.1.31.
but I want to reach it ALSO via the 191.12.112.14).
Thanks
global (outside) 1 interface
nat (inside) 1 10.100.128.0 255.255.252.0
nat (dmz-1) 1 172.16.1.0 255.255.255.0
nat (dmz-2) 1 172.18.1.0 255.255.255.0
static (inside,dmz-1) 10.100.128.0 10.100.128.0 netmask 255.255.252.0
static (inside,dmz-2) 10.100.128.0 10.100.128.0 netmask 255.255.252.0
static (dmz-1,outside) 191.12.112.14 SRV-1-WEB031 netmask 255.255.255.255
static (dmz-2,outside) 191.12.112.36 SRV-2-PRT226 netmask 255.255.255.255
static (dmz-2,vpnlan) 172.18.1.0 172.18.1.0 netmask 255.255.255.0
static (dmz-2,outside) 191.12.112.38 SRV-2-DC221 netmask 255.255.255.255
static (dmz-2,dmz-1) 172.18.1.0 172.18.1.0 netmask 255.255.255.0
name 172.16.1.31 SRV-1-WEB031
name 172.18.1.6 SRV-2-PRT226
name 172.18.1.2 SRV-2-DC221
nameif vlan2 inside security100
nameif vlan17 dmz-1 security50
nameif vlan20 outside security0
nameif vlan12 dmz-2 security51
nameif vlan19 vpnlan security10
Every access-list on all interfaces is set to "permit any any" for testing
I think it's a NAT issue
Question:
From the OUTSIDE I can reach the SRV-1-WEB031 with the outside address
From the DMZ-2 I can reach the SRV-1-WEB031 on it's real internal address (172.16.1.31), but NOT on it's
OUTSIDE address...(191.12.112.14) How can I do this?
Many thanks!
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3