NAT and Static Statements

Unanswered Question
Sep 12th, 2008
User Badges:

I have an ASA 5500 that sits behind the internet router. On this ASA, I have the inside hosts that connects tto the internet via a proxy server. The proxy server is located in the dmz, where I have my ISA,Web client and exchange servers(all in dmz), everybody connects to the internet via the proxy server located in the dmz.

Also I want my remote users to have access to the dmz.

Can someone please give me a step by step config guide on how to do this.

inside hosts---->ASA----->internet router





A config guide with the scenario that has a step by step guide will be deeply appreciated.

Attached is what have been able to come up with, please correct me where necessary.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ajay chauhan Sat, 09/13/2008 - 01:03
User Badges:
  • Silver, 250 points or more

In this case your poxy server ip is natted with public IP which Is allowed to communicate to internet .

If you want external users to access your DMZ server you must nat that server IP via using static nat command and allow access rules on outside interface .

Hope this help.


binhkdinh Tue, 09/16/2008 - 17:53
User Badges:

By reading your text file, I think you're on right track. However, in step 7, you should have "access-group 110 in interface dmz" instead of "access-group 110 out interface outside"




This Discussion