04-08-2024 11:04 PM
Hi All,
I have some doubts ....
1. I have three zones: TRUST, DMZ, UNTRUST.
2. There is a NAT policy from the TRUST zone and DMZ zone to UNTRUST.
3. All interfaces are under the same VR, and I haven't added any static route there yet. Instead I created a PBF rule from both TRUST and DMZ to UNTRUST (destination interface = untrust interface, next hop = untrust PC).
4. Security policy to allow traffic from the TRUST and DMZ zones to the UNTRUST zone.
5. I can reach the untrust PC from DMZ and TRUST.
I want my trust and DMZ to communicate with each other, so I simply added security rules that allow traffic from trust to DMZ and DMZ to trust.
But nothing worked as I expected. When I checked the traffic, I saw that the traffic from trust is getting NATed to the untrust IP, and the traffic flow shows that it is going from trust to untrust. The same goes for when I tried to ping trust from the DMZ zone.
So I disabled the PBF rule and everything is working. Whenever I enable the PBF rule, it gets NATed to the untrust interface IP. It also works when I create a static route for interacting with untrust.
The only thing is that these zones can't communicate with each other if I enable the PBF. Any idea why this is happening?