Solved: DMZ and Inside problems with NAT

rcordeiro · ‎07-09-2007

Hi all,

I have a ASA5510 with outside public IP, DMZ public network (x.x.x.64/29) and inside private (192.168.2.0/24) and I want to give access from the outside to the inside using an IP address from the DMZ.

The idea is to have a www.test.com pointing to x.x.x.65 (it's not the IP of the interface) but I don't have a server in the DMZ, I only have a server inside (192.168.2.10).

How can I do this?

Best regards for all.

acomiskey · ‎07-09-2007

Does this work...

static (inside,outside) x.x.x.65 192.168.2.10 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host x.x.x.65 eq www

access-group outside_access_in in interface outside

View solution in original post

acomiskey · ‎07-09-2007

Does this work...

static (inside,outside) x.x.x.65 192.168.2.10 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host x.x.x.65 eq www

access-group outside_access_in in interface outside

rcordeiro · ‎07-09-2007

My config:

interface Ethernet0/0

nameif Inside

security-level 100

ip address 192.168.2.2 255.255.255.0

!

interface Ethernet0/1

nameif DMZ

security-level 50

ip address x.x.x.70 255.255.255.248

!

interface Ethernet0/2

nameif Outside

security-level 0

ip address 192.168.10.2 255.255.255.0

!

access-list Outside_nat0_inbound extended permit ip any x.x.x.64 255.255.255.248

access-list Outside_access_in extended permit ip any host x.x.x.69

access-list DMZ_access_in extended permit ip host x.x.x.69 host 192.168.2.15

!

nat (Outside) 0 access-list Outside_nat0_inbound outside

static (Inside,DMZ) x.x.x.69 192.168.2.15 netmask 255.255.255.255

access-group Inside_access_in in interface Inside

access-group DMZ_access_in in interface DMZ

access-group Outside_access_in in interface Outside

This is the relevant config.

Regards

acomiskey · ‎07-09-2007

Did you try my posted suggestion above?