Need Help getting Outside network to talk to DMZ


I'm in the testing phase of setting up an ASA 5520 and I'm having some issues getting the Outside network to talk to the DMZ. I set up a test using a web server on (SCADADEV01) and I thought I had it NATed correctly and had the right ACL, but I cannot seem to get to from the test computer. Can you give me a little help? Attached is the config file.


Your NAT is incorrect, and your outside ACL is incorrect.

I would configure something like - for testing:-

static (DMZ,outside) tcp interface www www netmask

Then write the ACL:

access-list outside_access_in permit tcp any interface outside eq 80


OK - firstly,

You are typing the wrong IP address. You are NATing on the firewall, so you will not be able to connect to the DMZ IP address, as this is not known on the outside.

Test again using the IP address ""

Secondly - enable logging, then check the logs. You can also check to see if your access is being hit - show access-list. Then you should check connectivity locally from a device in the DMZ.
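
The test setup and checks from the replies above, collected as one ASA session. This is an added example, not taken from the attached config or written by any poster. The three IP addresses are constructed placeholders from the RFC 5737 documentation ranges, and the syntax is the pre-8.3 `static` form used in the thread.

```cisco
! Constructed placeholders (not from the thread):
!   192.0.2.10     = DMZ web server (SCADADEV01)
!   203.0.113.2    = ASA outside interface address
!   198.51.100.25  = test computer on the outside

! Static PAT: tcp/80 on the outside interface address is forwarded
! to tcp/80 on the DMZ server. Only this one port is published.
static (DMZ,outside) tcp interface www 192.0.2.10 www netmask 255.255.255.255

! The ACL matches the translated (outside interface) address, not the
! DMZ address, and permits only tcp/80.
access-list outside_access_in extended permit tcp any interface outside eq www

! The ACL has no effect until it is bound inbound on the outside interface.
access-group outside_access_in in interface outside

! Enable logging to the local buffer so permits and denies can be reviewed.
logging enable
logging buffered informational

! From the test computer, browse to http://203.0.113.2/ (the outside
! interface address), not to the DMZ address. Then check on the ASA:

! hitcnt on the permit line should increase with each connection attempt.
show access-list outside_access_in

! The static PAT entry should be listed.
show xlate

! Connection build/teardown and deny messages for the test traffic.
show logging

! Simulate the inbound packet and see which phase (ACL, NAT, route)
! allows or drops it, without needing the test computer.
packet-tracer input outside tcp 198.51.100.25 1025 203.0.113.2 80 detailed
```

If the hit count rises but the page still does not load, the remaining check is the one the reply names: connectivity to the web server from a device inside the DMZ.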


