Cannot Access DMZ from Internal

Unanswered Question
Mar 26th, 2008

I am a beginner with ASA. I found that I can't access the DMZ from the Internal segment. Can anyone give me a hint?

I have attached my config.

francisco_1 Wed, 03/26/2008 - 02:50

Since your inside and dmz interfaces are on the same security level, you don't need to do any NAT.

Try this.

access-list DMZ_access_in extended permit ip

access-group DMZ_access_in in interface DMZ

static (inside,DMZ) netmask

logintck Wed, 03/26/2008 - 05:23

Thanks for your help.

I changed the security level of the DMZ and added your suggested commands, but I still fail to access the DMZ from internal.

Please help. :(

husycisco Sat, 03/29/2008 - 09:00

Hi Don

Try this

no static (inside,DMZ) netmask

static (DMZ,inside) netmask


husycisco Sat, 03/29/2008 - 18:06


Since you want to reach the DMZ from inside, please ignore my comment above. Also, you don't need an ACL for this. Make the following changes in your config, then post the most recent config.

You don't have a global statement; are you sure that your inside can connect to the internet?

no nat (inside) 0

nat (inside) 1

global (outside) 1 interface

no access-group DMZ_access_in in interface DMZ

no access-list DMZ_access_in extended permit ip

Above are necessary. And one of the following is necessary. It is either

global (dmz) 1 interface

or

static (inside,DMZ) netmask

After you are done, run the following

clear xlate

This will temporarily disconnect all connections.
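
Added example, not part of the thread or written by any poster: a small Python check of the condition described in the post above, that a dynamic `nat` id on the source interface needs a `global` with the same id on the destination interface, or else a `static` for that interface pair. The addresses and the helper name `translation_path` are constructed for illustration, and the model ignores ACLs, security levels and address matching.

```python
import re

# Constructed sample configs in pre-8.3 ASA NAT syntax; addresses are placeholders.
BEFORE = """\
nat (inside) 1 192.168.1.0 255.255.255.0
global (outside) 1 interface
"""
FIX_PAT = BEFORE + "global (DMZ) 1 interface\n"
FIX_STATIC = BEFORE + (
    "static (inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0\n"
)

NAT = re.compile(r"^nat \((\S+)\) (\d+) ")
GLOBAL = re.compile(r"^global \((\S+)\) (\d+) ")
STATIC = re.compile(r"^static \((\S+),(\S+)\) ")


def translation_path(config, src_if, dst_if):
    """Return 'static', 'dynamic' or None for traffic from src_if to dst_if.

    Interface names are compared case-insensitively (an assumption made here
    because the thread writes both 'dmz' and 'DMZ').
    """
    src_if, dst_if = src_if.lower(), dst_if.lower()
    nat_ids, global_ids, has_static = set(), set(), False
    for line in config.splitlines():
        line = line.strip()
        if (m := STATIC.match(line)):
            if (m[1].lower(), m[2].lower()) == (src_if, dst_if):
                has_static = True
        elif (m := NAT.match(line)):
            # nat id 0 is not a dynamic rule and needs no matching global
            if m[1].lower() == src_if and m[2] != "0":
                nat_ids.add(m[2])
        elif (m := GLOBAL.match(line)):
            if m[1].lower() == dst_if:
                global_ids.add(m[2])
    if has_static:
        return "static"
    if nat_ids & global_ids:
        return "dynamic"
    return None  # dynamic nat rule with no global on the destination interface


if __name__ == "__main__":
    for name, cfg in [("before", BEFORE), ("pat", FIX_PAT), ("static", FIX_STATIC)]:
        print(name, "inside->DMZ:", translation_path(cfg, "inside", "DMZ"))
```
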


logintck Sun, 03/30/2008 - 07:17

Thank you, all of you. I fixed the issue according to the recommendation.

