ASA 7.0

Unanswered Question
Jan 19th, 2009

I had a post with a 6.3(4) referring to the same issue, so now I've tried the same with an ASA.

My config:

int inside
 security 100
 ip add 172.20.1.1

int out
 security 0
 ip add 10.10.10.1

int dmz
 192.168.4.1
 security 20

nat (dmz) 1 192.168.4.0 255.255.255.0
global (inside) 1 interface
nat (inside) 2 172.20.1.0 255.255.255.0
global (outside) 2 10.10.10.2

ACLs on inside and dmz permit ip any any and permit icmp any any.

I want to be able to access inside & outside and I can't. Only one works at a time: either from dmz to inside or dmz from outside, depending on how you play with the NAT.

Thanks,

Vlad

PS: Static is out of the question as I have around 20-25 networks on the inside to be accessed from the dmz.

Tshi M Tue, 01/20/2009 - 12:53

I am not sure I understand this but I am assuming you want your internal users and dmz users to access the Internet. I think for that all you need is:

nat (inside) 1 172.20.1.0 255.255.255.0
nat (dmz) 1 192.168.4.0 255.255.255.0
global (outside) 1 interface
global (dmz) 1 interface

I also don't know why you would like DMZ devices to access the internal network, but for that you will need to apply an ACL to the dmz interface.
