I can't figure out how to configure NAT properly.
I want incoming HTTP requests on interface outside to be forwarded to host 192.168.3.2 on interface dmz. But everything gets denied. Is this a NAT problem or an ACL problem?
The outside interface is 192.168.1.103.
My config:
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan12
nameif dmz
security-level 50
ip address 192.168.3.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
switchport access vlan 12
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd xxx
ftp mode passive
access-list outside_access_in extended permit tcp any eq www host 192.168.1.103
access-list dmz_access_in extended permit tcp any eq www host 192.168.1.103
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (dmz,outside) tcp interface www 192.168.3.2 www netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
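
Added example, not part of the original post: a small Python check that parses `access-list ... extended` lines in the syntax used above and reports entries whose port operator sits after the source address, so it matches the source port while the destination port is left open. The function names are hypothetical, the third sample line is constructed for comparison, and only a simplified subset of the syntax is handled (no object groups or trailing options).

```python
# Added example: flag ASA extended ACEs that filter on source port only.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

# The two ACL lines from the post, plus one constructed comparison line.
SAMPLE = """\
access-list outside_access_in extended permit tcp any eq www host 192.168.1.103
access-list dmz_access_in extended permit tcp any eq www host 192.168.1.103
access-list constructed_acl extended permit tcp any host 192.0.2.10 eq www
"""

def _take_addr(tok):
    """Consume one address spec: any | host A | interface NAME | A MASK."""
    if tok[:1] == ["any"]:
        return tok[:1], tok[1:]
    return tok[:2], tok[2:]

def _take_port(tok):
    """Consume an optional port operator: eq/lt/gt/neq P, or range P1 P2."""
    if tok and tok[0] in PORT_OPS:
        n = 1 + PORT_OPS[tok[0]]
        return tok[:n], tok[n:]
    return [], tok

def parse_ace(line):
    """Split one extended ACE into source/destination address and port parts."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        return None
    ace = {"name": tok[1], "action": tok[3], "proto": tok[4]}
    rest = tok[5:]
    ace["src"], rest = _take_addr(rest)
    ace["src_port"], rest = _take_port(rest)
    ace["dst"], rest = _take_addr(rest)
    ace["dst_port"], rest = _take_port(rest)
    return ace

def source_port_only(config):
    """Return TCP/UDP ACEs with a source-port match and no destination-port match."""
    hits = []
    for line in config.splitlines():
        ace = parse_ace(line.strip())
        if ace and ace["proto"] in ("tcp", "udp") and ace["src_port"] and not ace["dst_port"]:
            hits.append(ace)
    return hits

if __name__ == "__main__":
    for ace in source_port_only(SAMPLE):
        print(ace["name"], "src_port:", ace["src_port"], "dst:", ace["dst"])
```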