
ASA 7.0

hunnetvl01
Level 1

I had a post with a 6.3(4) referring to the same issue, so now I've tried the same with an ASA.

My config:

int inside

security 100

ip add 172.20.1.1

int out

security 0

ip add 10.10.10.1

int dmz

192.168.4.1

security 20

nat (dmz) 1 192.168.4.0 255.255.255.0

global (inside) 1 interface

nat (inside) 2 172.20.1.0 255.255.255.0

global (outside) 2 10.10.10.2

ACLs on inside and dmz permit ip any any and permit icmp any any.

I want to be able to access inside & outside and I can't. Only one works at a time: either from dmz to inside or dmz from outside, depending on how you play with the NAT.

Thanks,

Vlad

PS: Static is out of the question as I have around 20-25 networks on the inside to be accessed from the dmz.

1 Reply

Tshi M
Level 5

I am not sure I understand this but I am assuming you want your internal users and dmz users to access the Internet. I think for that all you need is:

nat (inside) 1 172.20.1.0 255.255.255.0

nat (dmz) 1 192.168.4.0 255.255.255.0

global (outside) 1 interface

global (dmz) 1 interface

I also don't know why you would like DMZ devices to access the internal network, but for that you will need to apply an ACL to the dmz interface.
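Both configurations in this thread depend on the same pairing rule: traffic matching a `nat` statement is translated only when it leaves through an interface that has a `global` with the same NAT ID. The Python sketch below is an added example, not part of either post. Its function names are hypothetical, and it models only the ID pairing, not ACLs, security levels or static rules.

```python
import re
from collections import defaultdict

# Matches the two PIX/ASA 7.0 statement forms used in the thread:
#   nat (ifc) <id> <net> <mask>    and    global (ifc) <id> <address|interface>
STMT = re.compile(r"^\s*(nat|global)\s+\((\w+)\)\s+(\d+)\s+(.+?)\s*$")

def translation_paths(config):
    """Return {(source_ifc, egress_ifc): [(nat_id, source_net, mapped_to), ...]}."""
    nats, globals_ = defaultdict(list), defaultdict(list)
    for line in config.splitlines():
        m = STMT.match(line)
        if not m:
            continue
        kind, ifc, nat_id, rest = m.groups()
        if nat_id == "0":
            continue  # nat 0 is identity NAT / exemption; no global is paired with it
        (nats if kind == "nat" else globals_)[nat_id].append((ifc, rest))
    paths = defaultdict(list)
    for nat_id, sources in nats.items():
        for src_ifc, net in sources:
            for out_ifc, mapped in globals_.get(nat_id, []):
                if out_ifc != src_ifc:
                    paths[(src_ifc, out_ifc)].append((nat_id, net, mapped))
    return dict(paths)

def missing_paths(config, wanted):
    """List the wanted (source, egress) pairs that have no nat/global pairing."""
    have = translation_paths(config)
    return [p for p in wanted if p not in have]

# nat/global lines copied from the two posts above.
QUESTION_CFG = """
nat (dmz) 1 192.168.4.0 255.255.255.0
global (inside) 1 interface
nat (inside) 2 172.20.1.0 255.255.255.0
global (outside) 2 10.10.10.2
"""
REPLY_CFG = """
nat (inside) 1 172.20.1.0 255.255.255.0
nat (dmz) 1 192.168.4.0 255.255.255.0
global (outside) 1 interface
global (dmz) 1 interface
"""

if __name__ == "__main__":
    wanted = [("dmz", "inside"), ("dmz", "outside")]
    for name, cfg in (("question", QUESTION_CFG), ("reply", REPLY_CFG)):
        print(name, sorted(translation_paths(cfg)), "missing:", missing_paths(cfg, wanted))
```

Run against the two configurations, it shows that the question's config pairs dmz only with inside, while the reply's config pairs dmz only with outside, so neither covers both directions the original poster asked for.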
