First time poster so please go easy... I'm having what I think is an issue with my ASA config. I'm trying to add a DMZ and it's not working.
My network is somewhat unique in that I have a requirement to use all public IPs for all interfaces, so no private internal addresses on the interface side. I have both static and nat 0 items and I'm afraid this may be my problem. I'm not sure if this is correct. To add to the mix of interesting things, I am setting the new interface for the DMZ up using a subinterface for the first time. I don't have access into the 6500 that feeds the DMZ VLAN, but I am told the port is in trunk mode with the VLAN in question not set to the native VLAN. I am setting it up this way as I will need to add some additional networks in the near future, which this will allow me to do.
Here are the basics of my config. I'm leaving out ACLs at this time for simplicity. IPs are changed; all interfaces use public IPs, and the RFC 1918 networks you see are for a few L2L tunnels I have. It is in routed mode. I can post the whole thing if needed.
ip address 220.127.116.11 255.255.255.224
ip address 18.104.22.168 255.255.254.0
no ip address
description VLAN 22 DMZ network
ip address 22.214.171.124 255.255.255.224
access-list inside_nat0_outbound extended permit ip any 126.96.36.199 255.255.255.224
access-list inside_nat0_outbound extended permit ip 188.8.131.52 255.255.254.0 184.108.40.206 255.255.254.0
access-list inside_nat0_outbound extended permit ip 220.127.116.11 255.255.254.0 172.16.170.144 255.255.255.240
access-list inside_nat0_outbound extended permit ip host 18.104.22.168 22.214.171.124 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 10.10.24.0 255.255.255.128
access-list dmz_nat0_outbound extended permit ip 126.96.36.199 255.255.255.224 188.8.131.52 255.255.255.224
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 0 184.108.40.206 255.255.254.0
nat (DMZ) 0 access-list dmz_nat0_outbound
nat (DMZ) 0 220.127.116.11 255.255.255.224
static (inside,outside) 18.104.22.168 22.214.171.124 netmask 255.255.254.0
static (DMZ,outside) 126.96.36.199 188.8.131.52 netmask 255.255.255.224
static (inside,DMZ) 184.108.40.206 220.127.116.11 netmask 255.255.254.0
access-group 101 in interface outside
access-group internal in interface inside
route outside 0.0.0.0 0.0.0.0 18.104.22.168 1
The inside interface works no problem. The DMZ interface, however, doesn't seem to have any traffic when I show int DMZ. I have a box in that network. I try to go out to the outside and nothing works. I try to go from inside to DMZ, nothing. Part of me wonders if the 6500 is configured correctly, but everything I'm told says it is. I can't help but think my nat statements are messed up.