Hi,
I have 3 DMZs and an inside network.
Inside network is 192.168.1.0/24, DMZ1 is 192.168.2.0/24, DMZ2 is 3.0/24, and DMZ 3 is 4.0/24.
I want all networks to be able to talk to each other without NAT (there will be ACLs however).
Currently I have NAT statements like this:
static (inside,dmz1) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (inside,dmz2) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (inside,dmz3) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
These allow any host from 192.168.1.0/24 to talk to the DMZs (ACL permitting of course).
However, what is the most efficient way to get all the DMZs talking to each other without NAT? Do I have to use commands like:
static (dmz1,dmz2) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
static (dmz1,dmz3) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
static (dmz2,dmz1) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
static (dmz2,dmz3) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
static (dmz3,dmz1) 192.168.4.0 192.168.4.0 netmask 255.255.255.0
static (dmz3,dmz2) 192.168.4.0 192.168.4.0 netmask 255.255.255.0
Is there a more efficient or secure way?
Thanks. Andrew.