Access DMZ server from inside with public and private ip

Unanswered Question
Apr 26th, 2007
User Badges:
  • Green, 3000 points or more

I would like to access a dmz server with both public and private ip's from the inside. I can access private with

static (inside,dmz) netmask

and I can access by public with destination NAT

static (dmz,inside) netmask

but I can't put them in at the same time or I get "no translation group found" when trying private ip. Any advice, I guess this isn't possible? ASA 7.2.1

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
oabduo983 Thu, 04/26/2007 - 11:28
User Badges:
  • Bronze, 100 points or more


Can you post the ip addresses on each interface? what do you mean by public IP? ip on the outside or ip on the dmz?


acomiskey Thu, 04/26/2007 - 11:35
User Badges:
  • Green, 3000 points or more

Public meaning it's external address, 64.x.x.x. You can see the subnets by looking at the statics I posted but

inside - 192.168.1.x

dmz - 172.16.x.x

outside - 64.x.x.x

Dmz server private ip is

Dmz server public ip is

From inside I want to access dmz server by AND

Wizzle Fri, 04/27/2007 - 07:44
User Badges:

Look at this...static (inside,dmz) netmask

I hope isn't a network address or maybe you mean netmask

acomiskey Fri, 04/27/2007 - 07:53
User Badges:
  • Green, 3000 points or more

That statement is correct and is very common. It allows the subnet to communicate with the dmz.


This Discussion