Hmm, in a production environment... :-) Just to make sure, is what I'm planning correct?
I make a NAT pool just for the IP of my DMZ interface:
ip nat pool NATPool_DMZ2 192.168.0.5 192.168.0.5
Then I create a policy:
ip access-list session "SNAT_NTP-access"
  alias "controller" host 192.168.120.2 "svc-ntp" src-nat pool "NATPool_DMZ2" position 1 queue low
  any any any permit position 2 queue low
!
But I also need to allow all other traffic coming from and going to the controller, like it was before. Correct?
ip access-list session "SNAT_NTP-access"
  alias "controller" host 192.168.120.2 "svc-ntp" src-nat pool "DREGER_NATPool_DMZ2" position 1 queue low
  any any any permit position 2 queue low
!
Up to here I'm already unsure, but now I have to assign this rule to a port. But what do I choose?
interface gigabitethernet 1/8
  ip access-group "SNAT_NTP-access" session vlan 120
  ip access-group "SNAT_NTP-access" session
!
Thanks for your help.
Greets