Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
330
Views
0
Helpful
2
Replies

Allowing DMZ host to contact Internal DNZ

jgorman1977
Level 1
Level 1

‎05-27-2008 12:00 PM - edited ‎03-11-2019 05:50 AM

I can ping, but not resolve names of hosts inside the firewall. I have the following settings:

10.0.0.0/16 Internal

172.16.110.0/24 DMX

static (Internal,DMZ) 10.0.0.0 10.0.0.0 netmask 255.255.0.0

access-list DMZ extended permit tcp host 172.16.110.10 host 10.0.22.205 object-group DNS

access-list DMZ extended permit tcp host 172.16.110.10 host 10.0.22.206 object-group DNS

Can someone please point me into the right direction?

Thanks

Labels:
0 Helpful
2 Replies 2

acomiskey
Level 10
Level 10

‎05-27-2008 03:13 PM

Did you add udp as well?

Is the acl applied access-group DMZ in interface DMZ?

0 Helpful

jgorman1977
Level 1
Level 1
In response to acomiskey

‎05-28-2008 04:12 AM

Yes. For some reason, I made a tcp group with port 53 tcp/udp and when I took the tcp out of the group, it works.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card