Basic 5510 - Need Help.

Unanswered Question
Aug 14th, 2008
User Badges:

Hi,


I have ASA 5510 and would like to seek help in configuring basics..


Allowing traffic from inside to outside

Allowing traffic from outside to inside


allowing traffic from DMZ to outside

Allowing traffic from DMZ to inside

Allowing traffic from inside to DMZ


---------Config ---------------

ASA Version 7.0(7)

!

hostname ASA-Q8

domain-name Q8.COM

enable password xxx

names

dns-guard

!

interface GigabitEthernet0/0

nameif Outside

security-level 0

ip address 188.170.90.1 255.255.255.248

!

interface GigabitEthernet0/1

nameif INSIDE

security-level 100

ip address 192.168.1.1 255.255.255.252

!

interface GigabitEthernet0/2

nameif DMZ

security-level 50

ip address 10.10.10.1 255.255.255.0


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
husycisco Thu, 08/14/2008 - 15:28
User Badges:
  • Gold, 750 points or more

Hello Amin

For a more stable suggestion, I should see your entire config (or at least nat and static statements).

But something like the following should work for you


global (outside) 1 interface

nat (DMZ) 1 0 0

access-list dmz_access_in permit ip alloweddmzips alloweddmznetmask insidehostornetwork insidehostornetworknetmask

access-group dmz_access_in in interface DMZ


if you want to nat DMZ traffic to inside interface when traffic wants to reach inside, use the following

global (inside) 1 interface


If you dont want to have NAT between DMZ and inside, use the following

static (inside,dmz) 10.10.10.0 10.10.10.0 netmask 255.255.255.0


Regards

Actions

This Discussion