Basic 5510 - Need Help.

Unanswered Question
Aug 14th, 2008

Hi,

I have ASA 5510 and would like to seek help in configuring basics..

Allowing traffic from inside to outside

Allowing traffic from outside to inside

allowing traffic from DMZ to outside

Allowing traffic from DMZ to inside

Allowing traffic from inside to DMZ

---------Config ---------------

ASA Version 7.0(7)

!

hostname ASA-Q8

domain-name Q8.COM

enable password xxx

names

dns-guard

!

interface GigabitEthernet0/0

nameif Outside

security-level 0

ip address 188.170.90.1 255.255.255.248

!

interface GigabitEthernet0/1

nameif INSIDE

security-level 100

ip address 192.168.1.1 255.255.255.252

!

interface GigabitEthernet0/2

nameif DMZ

security-level 50

ip address 10.10.10.1 255.255.255.0

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
husycisco Thu, 08/14/2008 - 15:28

Hello Amin

For a more stable suggestion, I should see your entire config (or at least nat and static statements).

But something like the following should work for you

global (outside) 1 interface

nat (DMZ) 1 0 0

access-list dmz_access_in permit ip alloweddmzips alloweddmznetmask insidehostornetwork insidehostornetworknetmask

access-group dmz_access_in in interface DMZ

if you want to nat DMZ traffic to inside interface when traffic wants to reach inside, use the following

global (inside) 1 interface

If you dont want to have NAT between DMZ and inside, use the following

static (inside,dmz) 10.10.10.0 10.10.10.0 netmask 255.255.255.0

Regards

Actions

This Discussion