NAT to server on DMZ?

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
cradivonyk
Not applicable

NAT to server on DMZ?

I have a PA-500.  Our public block of IP addresses come in on Ethernet1/1 (Untrust Zone). I have no trouble NAT'ing in an outside IP to an internal device that is physically connected to a network on Ethernet1/2 (Trust Zone).  Now, I created a "dmz" on Ethernet 1/4 and I gave the interface the address of 10.4.1.1.  I put a client on this network and I am able to connect to the internet just fine.  I installed Apache on the client to see if I could NAT in to a device on the DMZ and I it is not working for me. I don't know what I am missing...  any help?

Tags (4)

Accepted Solutions
snisar
L2 Linker

In your DMZ Inbound NAt rule, please replace "DMZ_Installs" with "Untrust" under destination zone. After commiting this change, your issue should be resolved, please let me know.

-snisar

View solution in original post


All Replies
snisar
L2 Linker

In your DMZ Inbound NAt rule, please replace "DMZ_Installs" with "Untrust" under destination zone. After commiting this change, your issue should be resolved, please let me know.

-snisar

View solution in original post

ncampagna
Palo Alto Networks Guru

To add a bit of explanation... the destination zone in NAT policy is the zone that the destination IP address is in before performing NAT.  So in your case, it is your public IP address on Ethernet1/1 (Untrust zone).

Thanks,
Nick Campagna

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!