Accessing DMZ from Inside -- No NAT

Unanswered Question
Jun 20th, 2007

I'm trying to configure my ASA 5510 so that I can access servers in the DMZ (security-level 50) from machines on my inside network (security-level 100) and vice versa.

The machines in the DMZ are on the subnet and the inside machines are on I don't need NAT since there's no addressing conflict.

I tried two approaches:

access-list inside_dmz extended permit ip

nat (inside) 0 access-list inside_dmz


static (inside,dmz) netmask 0 0

The second method works; the first doesn't. What am I missing here? Why doesn't the first method work?

acomiskey Wed, 06/20/2007 - 11:34

That should work fine either way. When you did "nat (inside) 0 etc." were you going from inside to dmz? Any logs on the ASA when it failed?

spottedowl Wed, 06/20/2007 - 12:39

It doesn't work in either direction. Nothing notable in the ASA logs either.

