I have a DMZ named DMZ4. The address range is 192.168.31.0/24. The gateway address is 192.168.31.1. I have a host with an IP of 192.168.31.5 that needs access to the internet. I have created a static translation, static (dmz4,outside) xx.xx.xx.136 192.168.31.5 netmask 255.255.255.255, where xx.xx.xx.136 is a public IP.
I have created the following ACL, access-list dmz4-out extended permit ip host 192.168.31.5 any
I have attached a diagram to show what I am trying to do.
However, this host cannot reach the internet. I know I am missing something simple but cannot figure out what it may be. Any help would be appreciated. Thanks.
Are you supposed to be natting the DMZ4 traffic out? I'm assuming so, but you don't have a nat translation for your dmz interface.
nat (dmz4) 1 0 0
Although, I don't see natting for any of your dmz interfaces, so I'm not sure if you want to.
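As an added example (not part of the original thread and not Cisco tooling), the following Python sketch audits a saved pre-8.3 ASA configuration for the two things discussed here: whether a static or nat/global pair translates the host, and whether the ACL that names the host is applied to the interface. The thread does not show an access-group line, so treating the ACL as meant to be applied inbound on dmz4 is an assumption; the function name `audit` and the address 203.0.113.136 (standing in for the masked public IP) are constructed for illustration.

```python
import ipaddress

# Constructed sample: the two statements quoted in the question, with the
# masked public address replaced by a documentation address (203.0.113.136).
SAMPLE_CONFIG = """\
static (dmz4,outside) 203.0.113.136 192.168.31.5 netmask 255.255.255.255
access-list dmz4-out extended permit ip host 192.168.31.5 any
"""

def _net(addr, mask):
    # ASA accepts "0" as shorthand for 0.0.0.0 in nat statements.
    addr = "0.0.0.0" if addr == "0" else addr
    mask = "0.0.0.0" if mask == "0" else mask
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, host, real_if, mapped_if="outside"):
    """Return findings for outbound traffic from `host` behind `real_if`."""
    ip = ipaddress.ip_address(host)
    translated = False
    nat_ids, global_ids = set(), set()
    host_acls, bound_acls = set(), set()
    for tok in (line.split() for line in config.splitlines()):
        if not tok:
            continue
        if tok[0] == "static" and len(tok) >= 6 and tok[1] == f"({real_if},{mapped_if})":
            # static (real_if,mapped_if) mapped_ip real_ip netmask mask
            translated |= ip in _net(tok[3], tok[5])
        elif tok[0] == "nat" and len(tok) >= 5 and tok[1] == f"({real_if})":
            # nat (real_if) nat_id real_net mask; nat_id 0 means no translation
            if tok[2] != "0" and ip in _net(tok[3], tok[4]):
                nat_ids.add(tok[2])
        elif tok[0] == "global" and len(tok) >= 4 and tok[1] == f"({mapped_if})":
            global_ids.add(tok[2])
        elif tok[0] == "access-list" and len(tok) >= 3 and host in tok[2:]:
            host_acls.add(tok[1])
        elif tok[0] == "access-group" and len(tok) >= 5 and tok[2:5] == ["in", "interface", real_if]:
            bound_acls.add(tok[1])
    translated |= bool(nat_ids & global_ids)  # nat needs a global with the same id
    findings = []
    if not translated:
        findings.append(f"no static or nat/global translation covers {host} on {real_if}")
    for name in sorted(host_acls - bound_acls):
        findings.append(f"ACL {name} is not applied inbound on {real_if}; its hit count says nothing about arriving traffic")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "192.168.31.5", "dmz4"))
```
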
Well, if there is no hitcount on the ACL, then the traffic is not even coming in to the ASA dmz4 interface.
Please check if your server default gateway is 192.168.31.1, then add "icmp permit any dmz4" on the ASA and see if you can ping 192.168.31.1 from the server. The switch port that is connected to the server should also be in vlan 31.
If you are trying to ping the internet, then you should also add "inspect icmp" as follows: