
Cisco ASA Public DMZ

iroccorp.com
Level 1

Hi,

I am trying to set up a Cisco ASA firewall. I have attached a diagram of what it needs to do.

I have managed to get the ASA's NAT/PAT (many inside to one outside address) traversals to work, but I am running into a problem with getting the DMZs set up. I want to have a public DMZ, which has a public subnet inside, and a private DMZ, which has inside addresses. I want to be able to route the public address space across the ASA, between the E0 and E1 interfaces, and be able to let network traffic between the inside network and the inside DMZ pass freely.

My problem is that I can't seem to get the routing between the interfaces to work.

Maybe someone here could provide me with a configuration example of allowing the network traffic to traverse those interfaces as described.

The security levels have been set as per the documentation, where the outside interface is 0, the outside-dmz interface is 10, and the inside-dmz and inside interfaces are 100.

There should be no nat-ting occurring between any of the interfaces, except between the "inside" network interface and the "outside" network interface.

Please let me know

Thanks

S.

1 Reply

acomiskey
Level 10

"be able to let network traffic, between the inside network and the inside DMZ to pass freely."

For that you should need something like this:

static (inside,INSIDE-DMZ) 192.168.100.0 192.168.100.0 netmask 255.255.255.0

Does that help?

Also, to initiate from the INSIDE-DMZ to the inside you would need to have an ACL on interface INSIDE-DMZ.

"to be able to route the public address space across the ASA, between the E0 and E1 interfaces"

Try this...

static (OUTSIDE-DMZ,outside) 72.13.113.0 72.13.113.0 netmask 255.255.255.128
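
The pieces discussed in this thread, put together as an added example that is not part of either post. It uses the same pre-8.3 `static` syntax as the reply; the INSIDE-DMZ subnet 10.0.50.0/24, the host addresses, the published port and the ACL names are constructed placeholders, since the thread does not give them.

```cisco
! Added example; addresses other than 192.168.100.0/24 and 72.13.113.0/25
! are constructed placeholders, as are the ACL names.

! inside and INSIDE-DMZ are both at security level 100 in the original post.
! Interfaces at the same level do not pass traffic to each other until
! this is enabled, regardless of any static or ACL.
same-security-traffic permit inter-interface

! Identity statics from the reply: addresses cross the ASA unchanged.
static (inside,INSIDE-DMZ) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (OUTSIDE-DMZ,outside) 72.13.113.0 72.13.113.0 netmask 255.255.255.128

! outside is level 0, so sessions initiated from outside toward the public
! DMZ are dropped until an ACL permits them. Permit only the services that
! are actually published instead of the whole /25.
access-list OUTSIDE_IN extended permit tcp any host 72.13.113.10 eq 443
access-group OUTSIDE_IN in interface outside

! If INSIDE-DMZ is later given a lower level than inside, sessions it
! initiates toward inside need an ACL on that interface, as the reply says.
! Once applied, the implicit deny at the end of this ACL blocks everything
! else entering INSIDE-DMZ, so list every flow the DMZ hosts need.
access-list INSIDE-DMZ_IN extended permit ip 10.0.50.0 255.255.255.0 192.168.100.0 255.255.255.0
access-group INSIDE-DMZ_IN in interface INSIDE-DMZ

! Verification, run from privileged EXEC mode rather than config mode:
!   show running-config same-security-traffic
!   show xlate
!   packet-tracer input INSIDE-DMZ tcp 10.0.50.10 12345 192.168.100.10 80
!   packet-tracer input outside tcp 198.51.100.7 12345 72.13.113.10 443
```

`packet-tracer` reports which phase (route lookup, NAT, access list) drops a simulated packet, which separates a missing `same-security-traffic` setting from a missing ACL entry.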
