DMZ and Inside problems with NAT

Answered Question
Jul 9th, 2007
User Badges:

Hi all,


I have a ASA5510 with outside public IP, DMZ public network (x.x.x.64/29) and inside private (192.168.2.0/24) and I want to give access from the outside to the inside using an IP address from the DMZ.

The idea is to have a www.test.com pointing to x.x.x.65 (it's not the IP of the interface) but I don't have a server in the DMZ, I only have a server inside (192.168.2.10).

How can I do this?


Best regards for all.

Correct Answer by acomiskey about 9 years 9 months ago

Does this work...


static (inside,outside) x.x.x.65 192.168.2.10 netmask 255.255.255.255


access-list outside_access_in extended permit tcp any host x.x.x.65 eq www

access-group outside_access_in in interface outside

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
acomiskey Mon, 07/09/2007 - 10:07
User Badges:
  • Green, 3000 points or more

Does this work...


static (inside,outside) x.x.x.65 192.168.2.10 netmask 255.255.255.255


access-list outside_access_in extended permit tcp any host x.x.x.65 eq www

access-group outside_access_in in interface outside

rcordeiro Mon, 07/09/2007 - 10:27
User Badges:

My config:


interface Ethernet0/0

nameif Inside

security-level 100

ip address 192.168.2.2 255.255.255.0

!

interface Ethernet0/1

nameif DMZ

security-level 50

ip address x.x.x.70 255.255.255.248

!

interface Ethernet0/2

nameif Outside

security-level 0

ip address 192.168.10.2 255.255.255.0

!

access-list Outside_nat0_inbound extended permit ip any x.x.x.64 255.255.255.248

access-list Outside_access_in extended permit ip any host x.x.x.69

access-list DMZ_access_in extended permit ip host x.x.x.69 host 192.168.2.15

!

nat (Outside) 0 access-list Outside_nat0_inbound outside

static (Inside,DMZ) x.x.x.69 192.168.2.15 netmask 255.255.255.255

access-group Inside_access_in in interface Inside

access-group DMZ_access_in in interface DMZ

access-group Outside_access_in in interface Outside



This is the relevant config.


Regards

acomiskey Mon, 07/09/2007 - 11:14
User Badges:
  • Green, 3000 points or more

Did you try my posted suggestion above?

Actions

This Discussion