Cisco ASA Public DMZ

Unanswered Question
Jun 7th, 2007

Hi,

I am trying to setup a Cisco ASA firewall. I have attached a diagram of what it needs to do.

I have managed to get the ASA to do the NAT/PAT (many inside to one outside address) traversals to work, but I am running into a problem with getting the DMZs set up. I want to have a public DMZ, which has a public subnet inside, and a private DMZ, which has inside addresses. I want to be able to route the public address space across the ASA, between the E0 and E1 interfaces, and be able to let network traffic between the inside network and the inside DMZ pass freely.

My problem is that I can't seem to get the routing between the interfaces to work.

Maybe someone here could provide me with a configuration example of allowing the network traffic to traverse those interfaces as described.


The security levels have been set as per documentation, where the outside interface is 0, the outside-dmz interface is 10, and the inside-dmz and inside interfaces are 100.


There should be no nat-ting occurring between any of the interfaces, except between the "inside" network interface and the "outside" network interface.


Please let me know

Thanks

S.



acomiskey Fri, 06/08/2007 - 09:26

"be able to let network traffic, between the inside network and the inside DMZ to pass freely."


For that you should need something like this


static (inside,INSIDE-DMZ) 192.168.100.0 192.168.100.0 netmask 255.255.255.0


Does that help?


Also, to initiate from the INSIDE-DMZ to the inside you would need to have an ACL on interface INSIDE-DMZ.


" to be able to route the public address space across the ASA, between the E0 and E1 interfaces"


Try this...


static (OUTSIDE-DMZ,outside) 72.13.113.0 72.13.113.0 netmask 255.255.255.128
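A worked ASA 7.x configuration fragment that ties the two static statements above together with the pieces the thread only mentions (the ACL on INSIDE-DMZ, the existing inside-to-outside PAT, and the same-security setting needed because inside and INSIDE-DMZ are both level 100). This is an added illustration, not part of the reply; the 72.13.113.0/25 and 192.168.100.0/24 subnets come from the thread, while the interface-to-role mapping, the 192.168.1.0/24 INSIDE-DMZ subnet and the host addresses are assumed placeholders.

```cisco
! Assumed roles: E0 = outside (level 0), E1 = OUTSIDE-DMZ (level 10),
! E2 = INSIDE-DMZ (level 100), E3 = inside (level 100).
! Without this line the ASA drops all traffic between two level-100 interfaces.
same-security-traffic permit inter-interface

! Many-to-one PAT for inside hosts reaching the Internet (the part already working)
nat (inside) 1 192.168.100.0 255.255.255.0
global (outside) 1 interface

! Identity NAT: inside <-> INSIDE-DMZ traffic is matched but not translated
static (inside,INSIDE-DMZ) 192.168.100.0 192.168.100.0 netmask 255.255.255.0

! Identity NAT: the public /25 behind OUTSIDE-DMZ is routed, not translated
static (OUTSIDE-DMZ,outside) 72.13.113.0 72.13.113.0 netmask 255.255.255.128

! Inbound ACL on INSIDE-DMZ: let DMZ hosts (assumed 192.168.1.0/24) initiate
! to one inside host only (assumed 192.168.100.10), and deny the rest of inside
access-list INSIDE-DMZ_in extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.100.10 eq 443
access-list INSIDE-DMZ_in extended deny ip any 192.168.100.0 255.255.255.0
access-list INSIDE-DMZ_in extended permit ip 192.168.1.0 255.255.255.0 any
access-group INSIDE-DMZ_in in interface INSIDE-DMZ

! Inbound ACL on outside: level 0 -> level 10 needs an explicit permit, so expose
! only the services the public DMZ host (assumed 72.13.113.10) actually serves
access-list outside_in extended permit tcp any host 72.13.113.10 eq 80
access-group outside_in in interface outside

! Check (ASA 7.2 and later): trace one flow through the route, NAT and ACL phases
packet-tracer input INSIDE-DMZ tcp 192.168.1.20 1025 192.168.100.10 443
```

If packet-tracer reports a drop in the NAT phase, the usual cause is that a nat (inside) rule matched the flow but no global or static existed for the egress interface, which is exactly what the identity static above prevents.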
