Traffic between ASA interfaces

Unanswered Question

Hi,


I have the following scenario:

Outside
   |
  ASA--DMZ (valid IP range/28)
   |
Inside (10.0.0.0/20)


I need to set up the ASA so that traffic originating from a DMZ host, with destination being the ASA's outside IP address and port 25/tcp, will be redirected to a server on inside LAN. The problem is that I need to do this WITHOUT using NAT on the DMZ interface to map inside hosts.


NAT rules mapping the inside host to outside interface are working fine if traffic originates from the outside, but if it's from the DMZ it just won't work.


Commands "inter-interface" and "intra-interface" are enabled but won't help it since security levels aren't the same.


Any tips?



Regards,

Guilherme



Yudong Wu Wed, 08/19/2009 - 13:25

I think you can use static nat like below.

static (inside,DMZ) tcp 25 25

You need to add an ACL to permit the traffic as well, since it is from DMZ to inside.
