Problem DMZ to Inside and Inside to DMZ

rechard_david · ‎03-05-2008

Dear Expert,

Now i have problem, i use ASA 5510 and i have interface inside,outside and DMZ and i would like DMZ can access into inside and Inside can access into DMZ, and the both can access outside(Internet).now it have problem it cannot access ..

Please see configuration in the attach file.

Best Regards,

Jon Marshall · ‎03-05-2008

Hi Rechard

Please see Wan Routing & Switching forum where i have posted an answer.

Jon

wasiimcisco · ‎03-06-2008

Kindly add the following commands and clear xlate and clear conn

static (inside,dmz) 192.168.3.0 192.168.3.0 netmask 255.255.255.0

access-list dmz extended permit ip 192.168.4.0 255.255.255.0 192.168.3.0 255.255.255.0

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

nat (dmz) 1 0.0.0.0 0.0.0.0

firewall is statuful, traffic from dmz to inside will allow by above mention static command and access-list on dmz interface and vice versa

you also removed this You internet will work. No need of this command.

static (dmz,inside) 192.168.3.0 192.168.4.0 netmask 255.255.255.0

global (dmz) 1 interface.

Thanks