10-23-2008 12:00 PM - edited 03-11-2019 07:01 AM
I'm trying to allow all inside access to the DMZ and the internet.
DMZ has web server and Email.
Followed a document from Cisco...
I've attached a config.
Can browse internet from both DMZ and Inside networks.
I will rate high for any assistance.
10-23-2008 12:28 PM
I think you might need an ACL attached to your DMZ interface stating that you'll allow traffic from the DMZ inside.
10-23-2008 03:18 PM
Please add:
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
regards,
Sushil
10-27-2008 01:06 PM
I'm still missing something. I added both the static and have tried access rules without success. Any other suggestions?
10-30-2008 06:08 AM
I think you need to specify not to nat between inside and dmz.
Please try:
nat (inside) 0 access-list nonat
access-list nonat extended permit ip 192.168.0.0 255.255.255.0 192.168.154.0 255.255.255.0
10-30-2008 08:10 AM
I don't think there needs to be any NATing taking place on the inside of your firewall.
Are you getting any hits on the ACL you put allowing traffic from your DMZ to the inside?
access-list dmz_in permit ip 192.168.154.0 255.255.255.0 192.168.1.0 255.255.255.0
access-group dmz_in in interface dmz
Is it something like this you have and do you see hits against it?
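An added example (not from any poster in this thread): a small Python check of which flows the dmz_in entry quoted above would match, using first-match evaluation and the implicit deny at the end of an access list. The host addresses are constructed; 192.168.1.0/24 and 192.168.0.0/24 are the two inside ranges that appear in the commands posted in this thread, and the parser assumes only `ip` entries written as network/mask pairs.

```python
import ipaddress

# ACL line as posted in the thread (it has no "extended" keyword;
# the parser accepts both forms).
ACL_LINES = [
    "access-list dmz_in permit ip 192.168.154.0 255.255.255.0 "
    "192.168.1.0 255.255.255.0",
]


def parse_acl(lines):
    """Parse 'access-list NAME [extended] permit|deny ip SRC MASK DST MASK'."""
    rules = []
    for line in lines:
        tok = line.split()
        if len(tok) < 3 or tok[0] != "access-list":
            continue  # not an ACL entry (e.g. access-group, nat, static)
        name, rest = tok[1], tok[2:]
        if rest[0] == "extended":
            rest = rest[1:]
        if len(rest) != 6 or rest[0] not in ("permit", "deny") or rest[1] != "ip":
            raise ValueError("unsupported ACE: " + line)
        src = ipaddress.ip_network(f"{rest[2]}/{rest[3]}")
        dst = ipaddress.ip_network(f"{rest[4]}/{rest[5]}")
        rules.append((name, rest[0], src, dst))
    return rules


def evaluate(rules, acl_name, src_ip, dst_ip):
    """First match wins; a flow matching no entry hits the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for name, action, src_net, dst_net in rules:
        if name == acl_name and src in src_net and dst in dst_net:
            return action
    return "implicit-deny"


if __name__ == "__main__":
    rules = parse_acl(ACL_LINES)
    # Constructed flows: one DMZ host to a host in each inside range
    # that appears in the thread's commands.
    for dst in ("192.168.1.20", "192.168.0.20"):
        print(dst, evaluate(rules, "dmz_in", "192.168.154.10", dst))
```

A flow that returns `implicit-deny` here would never increment the hit counter on the permit entry, which is one reason the counter can stay at zero.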