Access list for NAT
mattrgee
Member Posts: 201
Hi all,
One of our machines in our DMZ is NAT'd into our inside network:
static (inside,dmz) 192.168.0.40 10.10.10.47 netmask 255.255.255.255 0 0
Hosts on the 10.10.10.0/24 network need to access the DMZ machine (192.168.0.40) using VNC (5900).
I'm a bit confused about what the destination for the access list will be due to the NAT'd address being on the inside network.
Any help appreciated.
Thanks.
One of our machines in our DMZ is NAT'd into our inside network:
static (inside,dmz) 192.168.0.40 10.10.10.47 netmask 255.255.255.255 0 0
Hosts on the 10.10.10.0/24 network need to access the DMZ machine (192.168.0.40) using VNC (5900).
I'm a bit confused about what the destination for the access list will be due to the NAT'd address being on the inside network.
Any help appreciated.
Thanks.
Comments
-
clikcspeed
Member Posts: 29 ■□□□□□□□□□
Very interesting! I´m taking ICND2 and am cracking myself on this one...-clikc-
-
Ahriakin
Member Posts: 1,799 ■■■■■■■■□□
You use the IP they will see, so 10.10.10.47.
However if you're using an ASA version 8.3 adds the ability to use the local address for a lot of traditionally post-nat functions now, I haven't played with it yet though.We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?