I'm trying to configure my ASA 5510 so that I can access servers in the DMZ (security-level 50) from machines on my inside network (security-level 100) and vice versa.
The machines in the DMZ are on the 10.1.2.0/24 subnet and the inside machines are on 10.1.1.0/24. I don't need NAT since there's no addressing conflict.
I tried two approaches:
access-list inside_dmz extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list inside_dmz
static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0
The second method works; the first doesn't. What am I missing here? Why doesn't the first method work?