03-27-2008 08:34 AM - edited 03-11-2019 05:23 AM
Hi I am a beginner of ASA (8.0). I setup a ASA for device upgrade. I want to set up servers in DMZ. Unfortunately, I found that I can't access Server (in DMZ) from inside interface, for example, web access or ping test
I am checking it for long time and add the following commands but the problem is still exist.
#access-list DMZ_access_in extended permit ip 192.168.89.0 255.255.255.0 192.168.88.0 255.255.255.0
#access-group DMZ_access_in in interface DMZ
static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0
Anyone give me a help??
I attach my config
03-27-2008 08:43 AM
03-27-2008 09:50 AM
This should do the trick
access-list DMZ_access_in extended permit icmp 192.168.89.0 255.255.255.0 192.168.88.0 255.255.255.0
access-group DMZ_access_in in interface DMZ
static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0
You don't need to permit ip in the acl for traffic originating from the inside.
03-27-2008 09:49 AM
I do not see the static in the config that you sent, but the one in your post has the wrong ip's.
Should be static (inside,DMZ) 192.168.88.0 192.168.89.0 netmask 255.255.255.0
03-27-2008 09:51 AM
static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0
will work fine.
03-30-2008 07:18 AM
Thank you all of you. I fix the issue according the recommentation
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: