I thought I had this figured out but now I don't.
Need inside and dmz if's to have access to www.
Need dmz systems to access specific systems on inside via specific ports.
Need inside systems to talk to dmz systems on specific ports.
I have attached my current running config. What am I doing wrong? Thanks in advance for any help.
The easiest way to get traffic from inside to dmz is
static (inside,dmz) netmask
in your case
static (inside,dmz) 10.10.30.1 10.10.30.1 netmask 255.255.255.0
None of that is working?
I would be more specific with this ACL and deny IP to the inside subnet; change
access-list ACLDMZ_IN deny ip any 10.10.0.0 255.255.0.0
to
access-list ACLDMZ_IN deny ip any 10.10.30.0 255.255.0.0
For inside to talk to dmz you have nothing permitted in your ACL_IN ACL except www. Is there a specific reason you are using an ACL_IN? Are you restricting inside users from certain things? I assume you have an outside router doing NAT?
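One way to check the DMZ ACL ordering the replies above describe (specific permits to inside hosts first, then a deny for the inside subnet only, then www for everything else) is a small first-match evaluator. This is an added example, not code from the thread or from Cisco; only 10.10.30.0/24 comes from the thread, and the DMZ subnet 10.10.20.0/24, the inside host 10.10.30.10 and the port 1433 are constructed for illustration.

```python
"""Added example: first-match evaluator for ASA-style extended access-list
lines, used to verify that a DMZ interface ACL blocks DMZ-to-inside traffic
except the ports deliberately opened. Not the thread's own config."""
import ipaddress

# Constructed ACL modelled on the ACLDMZ_IN suggestion in the thread:
# explicit permit to an inside host first, then a deny scoped to the inside
# subnet (not all of 10.10.0.0/16), then web access for everything else.
ACLDMZ_IN = """
access-list ACLDMZ_IN permit tcp 10.10.20.0 255.255.255.0 host 10.10.30.10 eq 1433
access-list ACLDMZ_IN deny ip any 10.10.30.0 255.255.255.0
access-list ACLDMZ_IN permit tcp any any eq 80
access-list ACLDMZ_IN permit tcp any any eq 443
"""

def _parse_addr(tokens):
    """Consume one ASA address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ASA access-lists use real subnet masks, which ipaddress accepts directly
    return ipaddress.ip_network(f"{tok}/{tokens.pop(0)}")

def parse_acl(text):
    """Return [(action, proto, src_net, dst_net, dport)] in configured order."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if not t or t[0] != "access-list":
            continue
        action, proto, rest = t[2], t[3], t[4:]
        src = _parse_addr(rest)
        dst = _parse_addr(rest)
        dport = int(rest[1]) if rest[:1] == ["eq"] else None  # None = any port
        entries.append((action, proto, src, dst, dport))
    return entries

def evaluate(entries, proto, src, dst, dport):
    """First matching entry wins; an ASA ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, src_net, dst_net, port in entries:
        if p != "ip" and p != proto:
            continue
        if s in src_net and d in dst_net and port in (None, dport):
            return action
    return "deny"

def check_dmz_policy(entries, flows):
    """Evaluate (proto, src, dst, dport) flows; returns {flow: action}."""
    return {f: evaluate(entries, *f) for f in flows}
```

A flow from the DMZ to the inside host on a port other than 1433 is denied even though www is permitted later in the list, which is the ordering the replies recommend.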