Sunday, May 9, 2010

Outside NAT

[R1]----inside/100[FW]dmz/50-----[R3]

-R1=192.168.1.1, R3=192.168.3.3
-R3 should be able to telnet to R1
-R3 must be NATed to 192.168.1.0/24 (inside network)

Here is the initial FW configuration:

access-list dmz_access_in extended permit tcp any host 192.168.1.1 eq telnet
access-group dmz_access_in in interface dmz
global (inside) 1 192.168.1.3-192.168.1.4
nat (dmz) 1 192.168.3.0 255.255.255.0


Telnet works but no NAT takes place:

R3#telnet 192.168.1.1
Trying 192.168.1.1 ... Open

R1>sho users
Line User Host(s) Idle Location
0 con 0 idle 00:07:53
*130 vty 0 idle 00:00:00 192.168.3.3

R1>


We need to add the "outside" keyword to the NAT statement. The dmz interface (security level 50) is less trusted than inside (100), and a dynamic nat/global pair is only applied from a lower-security interface toward a higher-security one when the nat command carries the "outside" keyword; without it the packets pass through untranslated, as the "sho users" output above shows.

pixfirewall(config)# no nat (dmz) 1 192.168.3.0 255.255.255.0
pixfirewall(config)# nat (dmz) 1 192.168.3.0 255.255.255.0 outside

R3#telnet 192.168.1.1
Trying 192.168.1.1 ... Open

R1>sho users
Line User Host(s) Idle Location
0 con 0 idle 00:09:00
*130 vty 0 idle 00:00:00 192.168.1.3

R1>
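As an added configuration check (not from the original post), the following Python script scans a PIX/ASA 8.2-style config for nat/global pairs that translate from a lower-security interface toward a higher-security one without the "outside" keyword, which is exactly the misconfiguration shown above. The sample config is constructed to mirror the post's topology.

```python
import re

# Constructed sample config (not from the original post), mirroring its topology:
# inside at security-level 100, dmz at 50, and a dynamic NAT from dmz toward inside.
SAMPLE_CONFIG = """
interface Ethernet0
 nameif inside
 security-level 100
interface Ethernet1
 nameif dmz
 security-level 50
global (inside) 1 192.168.1.3-192.168.1.4
nat (dmz) 1 192.168.3.0 255.255.255.0
"""

NAMEIF_RE = re.compile(r"^\s*nameif\s+(\S+)")
SECLVL_RE = re.compile(r"^\s*security-level\s+(\d+)")
GLOBAL_RE = re.compile(r"^\s*global\s+\((\S+)\)\s+(\d+)")
NAT_RE = re.compile(r"^\s*nat\s+\((\S+)\)\s+(\d+)\s+(\S+)\s+(\S+)(.*)$")


def find_missing_outside(config):
    """Return nat statements whose nat_id pairs with a global on a
    higher-security interface (lower -> higher, e.g. dmz -> inside)
    but that lack the 'outside' keyword, so no translation is applied."""
    levels, globals_by_id, nats = {}, {}, []
    current_ifc = None
    for line in config.splitlines():
        if m := NAMEIF_RE.match(line):
            current_ifc = m.group(1)
        elif (m := SECLVL_RE.match(line)) and current_ifc:
            levels[current_ifc] = int(m.group(1))
        elif m := GLOBAL_RE.match(line):
            globals_by_id.setdefault(int(m.group(2)), []).append(m.group(1))
        elif m := NAT_RE.match(line):
            ifc, nat_id, net, mask, rest = m.groups()
            nats.append((ifc, int(nat_id), net, mask, "outside" in rest.split()))

    findings = []
    for src, nat_id, net, mask, has_outside in nats:
        for dst in globals_by_id.get(nat_id, []):
            if not has_outside and levels.get(src, 0) < levels.get(dst, 0):
                findings.append(
                    f"nat ({src}) {nat_id} {net} {mask}: pairs with global ({dst}) "
                    f"(security {levels[dst]} > {levels[src]}) but lacks 'outside'"
                )
    return findings
```

Run find_missing_outside() over a saved "show running-config"; the constructed sample yields one finding, and adding "outside" to the nat line clears it.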
