ASA 7.0

Jan 19th, 2009

I had a post with a 6.3(4) referring to the same issue, so now I've tried the same with an ASA.

My config:


int inside

security 100

ip add 172.20.1.1


int out

security 0

ip add 10.10.10.1


int dmz

192.168.4.1

security 20


nat (dmz) 1 192.168.4.0 255.255.255.0

global (inside) 1 interface


nat (inside) 2 172.20.1.0 255.255.255.0

global (outside) 2 10.10.10.2


ACLs on inside and dmz permit ip any any and permit icmp any any

I want to be able to access inside & outside and I can't. Only one works at a time: either from dmz to inside or dmz from outside, depending on how you play with the NAT.


Thanks,

Vlad


PS: Static is out of the question as I have around 20-25 networks on the inside to be accessed from the dmz.

Tshi M Tue, 01/20/2009 - 12:53

I am not sure I understand this but I am assuming you want your internal users and dmz users to access the Internet. I think for that all you need is:

nat (inside) 1 172.20.1.0 255.255.255.0

nat (dmz) 1 192.168.4.0 255.255.255.0

global (outside) 1 interface

global (dmz) 1 interface


I also don't know why you would like DMZ devices to access the internal network, but for that you will need to apply an ACL to the dmz interface.
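Added example (not part of either post, and not Cisco code): a small Python check that pairs the nat and global lines from the question and from the reply by NAT ID, to show which source-to-egress interface paths each config actually translates. It models only the ID pairing rule of the classic nat/global syntax (a nat rule is used toward an egress interface only when a global with the same ID exists there); security levels, ACLs and static rules are not modelled, and the "wanted" paths are an assumption about what the question asks for.

```python
import re

# Constructed input: the nat/global lines from the question and from the reply.
QUESTION = """\
nat (dmz) 1 192.168.4.0 255.255.255.0
global (inside) 1 interface
nat (inside) 2 172.20.1.0 255.255.255.0
global (outside) 2 10.10.10.2
"""
REPLY = """\
nat (inside) 1 172.20.1.0 255.255.255.0
nat (dmz) 1 192.168.4.0 255.255.255.0
global (outside) 1 interface
global (dmz) 1 interface
"""

RULE = re.compile(r"^(nat|global)\s+\((\w+)\)\s+(\d+)\s+(.+)$")

def parse(config):
    """Return (nat_rules, global_pools) as lists of (interface, nat_id, rest)."""
    nats, globals_ = [], []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a nat/global statement
        kind, iface, nat_id, rest = m.groups()
        (nats if kind == "nat" else globals_).append((iface, int(nat_id), rest))
    return nats, globals_

def translated_paths(config):
    """Set of (source_if, egress_if) pairs that have a matching nat/global ID."""
    nats, globals_ = parse(config)
    return {(src, dst)
            for src, nid, _ in nats
            for dst, gid, _ in globals_
            if nid == gid and src != dst}

def missing_paths(config, wanted):
    """Wanted (source_if, egress_if) pairs with no dynamic translation."""
    return sorted(set(wanted) - translated_paths(config))

if __name__ == "__main__":
    # Assumed goal: dmz reaches both inside and outside, inside reaches outside.
    wanted = [("dmz", "inside"), ("dmz", "outside"), ("inside", "outside")]
    for name, cfg in (("question", QUESTION), ("reply", REPLY)):
        print(name, "translated:", sorted(translated_paths(cfg)),
              "missing:", missing_paths(cfg, wanted))
```

Run as a script, it reports that the question's config has no pairing for dmz to outside and the reply's config has none for dmz to inside, which matches the "only one works at a time" symptom.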
