Hi all, I need a 2nd opinion here. I tried to configure my ASA5505 to allow users from the âinside interfaceâ to access a server in the DMZ (see attached drawing). I did this my using a static command:
Static (dmz, inside) mapped_internal_ip_address real_ip_dmz_ip_address netmask 255.255.255.255.
This is also documented in CISCO document ID 64758 - pix70-nat-pat.pdf (attached file). Although this a very typical set up, my endeavor failed miserably.
I did the same and allow users from the âoutside interfaceâ to access the same server in the DMZ, and it worked flawlessly.
I did check sysopt, and proxyarp was not disabled.
I strongly suspected this a bug in the software, because Cisco documented this could be done.
I would like a second pair of eyes to verify my configuration.
See the configuration and err msg in the attached "Message text - ASA5505 Static Mapping Problem.doc".