Enabling DMZ interface

Unanswered Question
Apr 14th, 2009

Hi,

I have Cisco ASA5510 ,and configured the interface 0/0 as a OUTSIDE and assigned an IP address,interface 0/1 is assigned as a INSIDE and assigned an IP address,I have configured the interface 0/3 as a DMZ ,and assigned an IP address and NATTING and done properly,still I am not able to access the internet from teh DMZ zone,where as we are able to access the internet from teh INSIDE zone.

Is there any license issue to enable the DMZ?Please help me

Regards,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Lavanholy Tue, 04/14/2009 - 06:11

Please see below the configuration:

ASA Version 8.0(4)

!

hostname ciscoasa

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Ethernet0/0

nameif OUTSIDE

security-level 0

ip address 202.169.212.81

255.255.255.248

!

interface Ethernet0/1

nameif INSIDE

security-level 100

ip address 172.20.0.1 255.255.0.0

!

interface Ethernet0/2

nameif DMZ

security-level 50

ip address 192.168.2.1 255.255.255.0

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

ftp mode passive

dns domain-lookup OUTSIDE

dns server-group DefaultDNS

name-server 193.88.97.197

name-server 193.88.97.212

pager lines 24

logging asdm informational

mtu OUTSIDE 1500

mtu INSIDE 1500

mtu DMZ 1500

mtu INSIDE 1500

mtu DMZ 1500

mtu management 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-613.bin

no asdm history enable

arp timeout 14400

nat-control

global (OUTSIDE) 1 interface

nat (INSIDE) 1 172.20.0.0 255.255.0.0

nat (DMZ) 1 192.168.2.0 255.255.255.0

route OUTSIDE 0.0.0.0 0.0.0.0 202.169.212.82 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

.

.

.

.

.

Please go through the above configuration and do the needful.

Regards,

Actions

This Discussion