Server in DMZ

Unanswered Question
Mar 27th, 2008

Hi I am a beginner of ASA (8.0). I setup a ASA for device upgrade. I want to set up servers in DMZ. Unfortunately, I found that I can't access Server (in DMZ) from inside interface, for example, web access or ping test

I am checking it for long time and add the following commands but the problem is still exist.

#access-list DMZ_access_in extended permit ip

#access-group DMZ_access_in in interface DMZ

static (inside,DMZ) netmask

Anyone give me a help??

I attach my config

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
acomiskey Thu, 03/27/2008 - 09:50

This should do the trick

access-list DMZ_access_in extended permit icmp

access-group DMZ_access_in in interface DMZ

static (inside,DMZ) netmask

You don't need to permit ip in the acl for traffic originating from the inside.

Jesse Wiener Thu, 03/27/2008 - 09:49

I do not see the static in the config that you sent, but the one in your post has the wrong ip's.

Should be static (inside,DMZ) netmask

acomiskey Thu, 03/27/2008 - 09:51

static (inside,DMZ) netmask

will work fine.

logintck Sun, 03/30/2008 - 07:18

Thank you all of you. I fix the issue according the recommentation


This Discussion