Not able to pass traffic between DMZ and inside interface.

risenshine4th · ‎10-23-2008

I'm trying to all all inside access to the DMZ and the internet.

DMZ has web server and Email.

Followed a document from cisco...

I'm attached a config.

Can browse internet from both DMZ and Inside networks.

I will rate high for any assistance.

Brent Rockburn · ‎10-23-2008

I think you might need an ACL attached to your DMZ interface stating that you'll allow traffic from the DMZ inside.

suschoud · ‎10-23-2008

please add :

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

regards,

Sushil

risenshine4th · ‎10-27-2008

I'm still missing something. I added both the static and have tried access rules without success. Any other suggestions?

ofwegen · ‎10-30-2008

I think you need to specify not to nat between inside and dmz.

Please try:

nat (inside) 5 access-list nonat

access-list nonat extended permit 192.168.0.0 255.255.255.0 192.168.154.0 255.255.255.0

Brent Rockburn · ‎10-30-2008

I don't think there needs to be any nating taking place on the inside of your firewall.

Are you getting any hits on the ACL you put allowing traffic from your DMZ to the inside

access-list dmz_in permit ip 192.168.154.0 255.255.255.0 192.168.1.0 255.255.255.0

access-group dmz_in in interface dmz

is it something like this you have and do you see hits against it?