Not able to pass traffic between DMZ and inside interface.

Unanswered Question
Oct 23rd, 2008

I'm trying to allow all inside access to the DMZ and the internet.


DMZ has web server and Email.


Followed a document from Cisco...

I've attached a config.

Can browse internet from both DMZ and Inside networks.


I will rate high for any assistance.



Brent Rockburn Thu, 10/23/2008 - 12:28

I think you might need an ACL attached to your DMZ interface stating that you'll allow traffic from the DMZ inside.

suschoud Thu, 10/23/2008 - 15:18

Please add:


static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0


regards,

Sushil



risenshine4th Mon, 10/27/2008 - 13:06

I'm still missing something. I added both the static and have tried access rules without success. Any other suggestions?


Brent Rockburn Thu, 10/30/2008 - 08:10

I don't think there needs to be any NATing taking place on the inside of your firewall.


Are you getting any hits on the ACL you put allowing traffic from your DMZ to the inside?


access-list dmz_in permit ip 192.168.154.0 255.255.255.0 192.168.1.0 255.255.255.0


access-group dmz_in in interface dmz


Is it something like this you have, and do you see hits against it?
