ASA5520 dmz webserver access

Unanswered Question
Apr 10th, 2008

We have a proxy-server in a DMZ (DMZ-proxy) on an ASA5520.

On another DMZ (DMZ-intranet) we have a number of company web-servers.

The users on the inside are accessing the internet via the Proxy-server.

The Proxy-server has DNS settings from only the ISP (so no internal DNS is available).

When internal users want to go to the company web servers they also need to go via the Proxy-server.

The Proxy-server resolves the DNS names of the WEB-servers as external IP addresses.


How can I make sure that the external IP addresses are "redirected" to another DMZ (dmz-intranet), so that internal users are redirected to the DMZ-intranet?

Can this be done with DNS-doctoring?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jbayuka Wed, 04/16/2008 - 09:25

Inside Access to web server on DMZ can be done by many way. This is one way to do....

public ip = X.1.1.1

dmz ip =

static (dmz,inside) X.1.1.1 netmask


This Discussion