ASA 5505 inside access to dmz

Unanswered Question
Mar 5th, 2009

I have an ASA 5505 set up with 3 VLANs (outside 0, dmz 50, and inside 100). I can't figure out how to allow the clients on the inside VLAN access to the dmz. Inside has access to the internet, dmz has access to the internet, and the internet has access to dmz. My config is attached (I do have a site-to-site IPsec VPN that is working).

sdoremus33 Thu, 03/05/2009 - 18:36

One thing I did see was this

access-list nonat extended permit ip

access-list inside_nat0_outbound extended permit ip log debugging

shouldn't be

jjursch Thu, 03/05/2009 - 19:19
is my remote site-to-site VPN. I think those statements were added to support the VPN, but I really do not remember.

vikram_anumukonda Thu, 03/05/2009 - 23:27

Looks like you have an issue with your NAT configs.

What is this "static (dmz,inside) 71.x.x.46 netmask" used for? Is the x.x the same as in

"static (dmz,outside) 71.x.x.46 netmask"?

Try configuring NAT exemption from DMZ to INSIDE and see if it helps.
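
An added example, not part of the thread or the poster's configuration: a Python check that reads pre-8.3 ASA configuration text (the syntax the quoted lines use) and reports whether a flow between two networks is covered by the "nat (inside) 0 access-list" exemption discussed in the replies. The sample config and every address in it are constructed placeholders; only the ACL name inside_nat0_outbound comes from the thread.

```python
import ipaddress
import re

# Constructed sample: the exemption ACL covers only a (placeholder) VPN remote
# network, which is the situation the replies suspect. Not the poster's config.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 10.99.0.0 255.255.0.0
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
"""


def _take_network(tokens):
    """Consume one ACL address spec: 'any', 'host A', or 'NET MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")


def exempt_pairs(config, interface):
    """Return (src, dst) networks exempted from NAT on the given interface."""
    m = re.search(rf"^nat \({re.escape(interface)}\) 0 access-list (\S+)",
                  config, re.M)
    if not m:
        return []  # no exemption ACL bound to this interface
    pairs = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:5] == ["access-list", m.group(1), "extended", "permit", "ip"]:
            rest = tokens[5:]  # trailing options such as 'log debugging' are ignored
            pairs.append((_take_network(rest), _take_network(rest)))
    return pairs


def is_exempt(config, interface, src_net, dst_net):
    """True if a single ACE covers the whole src_net -> dst_net flow."""
    src, dst = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    return any(src.subnet_of(s) and dst.subnet_of(d)
               for s, d in exempt_pairs(config, interface))
```

Only one exemption ACL is bound per interface with this command, so an inside-to-dmz entry belongs in the ACL that "nat (inside) 0" already references rather than in a second ACL.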

