- INSIDE can access OFFICE (mail, billing, application, dns) and INTERNET
- DMZ can communicate with OFFICE and INTERNET
- INSIDE and DMZ can access each other (all permissive)
- OFFICE can access DMZ, especially HTTP (e.g. websvr IP is 220.127.116.11)
- OFFICE can access INSIDE's web (mrtgsvr IP is 192.168.107.29)
- OFFICE can poll SNMP and WMI information from DMZ and INSIDE.
I have attached my current config file, but it wasn't working. Using this configuration, OFFICE and INTERNET are not reachable, not even the router 10.11.10.1.
Can anyone out there help me configure my ASA properly according to my objectives?
Thanks in advance.
If no translation is required, you can configure "no nat-control".
For traffic from low security level to high security level, you would need to have static translation configured, and it works bidirectionally:
static (inside,outside) 192.168.107.0 192.168.107.0 netmask 255.255.255.0
static (dmz,outside) 192.168.109.0 192.168.109.0 netmask 255.255.255.0
This is assuming that the office ASA firewall is configured correctly.
If you would like to ping through the ASA, you would also need to add the following:
Hopefully the above should allow most of your objectives to work.
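The following is an added example, not part of either post and not the attached config. The static entries above only make the INSIDE and DMZ addresses reachable from the lower-security side; on an ASA, traffic entering a lower-security interface towards a higher-security one must also be permitted by an access list on that interface. Assumptions: OFFICE is reached through the interface named `outside`, `OUTSIDE_IN` is a hypothetical ACL name, and `OFFICE_NET OFFICE_MASK` and `OFFICE_HOST` are placeholders because the page does not give the OFFICE addressing.

```cisco
! Added example (pre-8.3 ASA syntax, matching the static commands in the answer).
! OFFICE_NET / OFFICE_MASK / OFFICE_HOST are placeholders, not values from the page.

! OFFICE -> DMZ web servers (HTTP only, not the whole IP range)
access-list OUTSIDE_IN extended permit tcp OFFICE_NET OFFICE_MASK 192.168.109.0 255.255.255.0 eq www

! OFFICE -> INSIDE, limited to the single MRTG web server named in the question
access-list OUTSIDE_IN extended permit tcp OFFICE_NET OFFICE_MASK host 192.168.107.29 eq www

! OFFICE -> SNMP polling of DMZ and INSIDE hosts (UDP 161)
access-list OUTSIDE_IN extended permit udp OFFICE_NET OFFICE_MASK 192.168.109.0 255.255.255.0 eq snmp
access-list OUTSIDE_IN extended permit udp OFFICE_NET OFFICE_MASK 192.168.107.0 255.255.255.0 eq snmp

! Everything else arriving on "outside" falls through to the implicit deny.
! Bind the ACL to inbound traffic on the lower-security interface.
access-group OUTSIDE_IN in interface outside

! Checks after applying:
!   show access-list OUTSIDE_IN
!     (hit counters should rise on the entries that are actually used)
!   packet-tracer input outside tcp OFFICE_HOST 1025 192.168.107.29 80
!     (walks one simulated flow through the ACL and NAT phases and reports allow/drop)
```

WMI is not covered here: it uses DCOM/RPC with dynamically negotiated ports, so it needs its own handling rather than a single port permit.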