ASA 7.0

Unanswered Question
Jan 19th, 2009
User Badges:

I had a post with a 6.3(4) referring to the same issue, so now Ive treid the same with an ASA.

My config:

int inside

security 100

ip add

int out

security 0

ip add

int dmz

security 20

nat (dmz) 1

global (inside) 1 interface

nat (inside) 2

global (outside) 2

ACL's on inside and dmz permit ip any any and permit icmp any any

I want to be able to access inside&outside and I cant.Only one works at a time: either from dmz to inside or dmz from outside, depending on how you play with the NAT.



PS: Static is out of question as I have around 20-25 networks on the inside to be accessed from the dmz.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Tshi M Tue, 01/20/2009 - 12:53
User Badges:
  • Silver, 250 points or more

I am not sure I understand this but I am assuming you want your internal users and dmz users to access the Internet. I think for that all you need is:

nat (inside) 1

nat (dmz) 1

global (outside) 1 interface

global (dmz) 1 interface

I also don't know why you would like DMZ devices to access the internal network but for that you will need to apply an ACL to dmz interface


This Discussion