
Accessing DMZ from Inside -- No NAT

spottedowl
Level 1

I'm trying to configure my ASA 5510 so that I can access servers in the DMZ (security-level 50) from machines on my inside network (security-level 100) and vice versa.

The machines in the DMZ are on the 10.1.2.0/24 subnet and the inside machines are on 10.1.1.0/24. I don't need NAT since there's no addressing conflict.

I tried two approaches:

access-list inside_dmz extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0

nat (inside) 0 access-list inside_dmz

and

static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0

The second method works; the first doesn't. What am I missing here? Why doesn't the first method work?

2 Replies

acomiskey
Level 10

That should work fine either way. When you did "nat (inside) 0 etc." were you going from inside to dmz? Any logs on the ASA when it failed?

It doesn't work in either direction. Nothing notable in the ASA logs either.
