I have set up a DMZ on an ASA 5500. I can access the web server from the internet and cannot access it from the inside network.
The DMZ is using a 10 network and is static NAT to a registered IP. The inside network is using a different 10 network. I cannot access the web server with either the 10 net address or the registered address. Shouldn't the inside users just be able to enter in the web site address and be able to get to the server?
I am doing the config using the ASDM program.
You will not be able to hit http://www.xxxxxx.com if it resolves to an outside IP address from inside the firewall. You will have to use DNS doctoring (if your inside users use an external DNS server) or use destination NAT. The destination NAT statement I wrote above will allow inside users to use the public.ip from inside the firewall, and the firewall will translate this to the private DMZ address.
If www.xxxxx.com resolves to 22.214.171.124 and the IP address of the server in the DMZ is 10.2.1.1 then you need....
static (dmz,inside) 126.96.36.199 10.2.1.1 netmask 255.255.255.255
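The two options named in the reply, side by side, as an added example that is not part of the original thread. It assumes the pre-8.3 ASA `static` syntax used above; 203.0.113.10 is a constructed placeholder for the registered address and 10.1.1.50 is a constructed inside host, while 10.2.1.1 is the DMZ address from the post.

```cisco
! Option A: DNS doctoring (inside users resolve the name through an
! external DNS server). The trailing "dns" keyword on the existing
! dmz-to-outside static makes the ASA rewrite the A record in DNS
! replies, so inside clients receive 10.2.1.1 instead of 203.0.113.10.
! DNS inspection must be enabled for the rewrite to happen, and inside
! hosts then connect to 10.2.1.1 directly, so the inside-to-dmz path
! must already be translated or exempted and permitted.
static (dmz,outside) 203.0.113.10 10.2.1.1 netmask 255.255.255.255 dns

! Option B: destination NAT. Inside clients keep using the registered
! address; the ASA translates the destination to the DMZ address as the
! packet crosses from inside to dmz.
static (dmz,inside) 203.0.113.10 10.2.1.1 netmask 255.255.255.255

! Check either option from the ASA itself by tracing a simulated
! connection from an inside host and reading the NAT and ACL phases:
packet-tracer input inside tcp 10.1.1.50 1025 203.0.113.10 80
```

Use one option or the other for a given server. With Option A the trace should target 10.2.1.1, since that is the address inside clients will receive from DNS.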