Having serious trouble getting my DMZ zone to work as planned.
The setup is typical, having a WAN interface and an internal interface with a few VLANs on it. Besides that, I have now configured a new VLAN on a vacant interface, eth0/3, which I am planning to use as a DMZ.
internal VLANs - security level 100
DMZ VLAN - security level 50
WAN interface - security level 0
Ticked the "Allow between interfaces with same security level" option, which made it easy to configure access between everything located internally, and also from internal to DMZ.
However, I have 1 public IP and I wish to port NAT to servers in the DMZ. Just to test, I tried to make a public server following Cisco's guide: http://www.cisco.com/en/US/docs/security/asa/asa83/getting_started/5500/guide/dmz.html#wp1065777
When I try to NAT to the external IP, I get the following error:
[ERROR] nat (DMZ_SKA,WAN) static XXX.XXX.XXX.XXX service tcp 3389 3389
Address XXX.XXX.XXX.XX overlaps with outside interface address.
ERROR: NAT Policy is not downloaded
Then I tried using the CLI with a command like:
nat (DMZ_SKA,WAN) static interface service tcp 3389 3389
Still no joy; even when allowing everything on WAN and DMZ, nothing is working. If I try to NAT port 80, it gets blocked by the firewall at the WAN interface even though I explicitly allowed it.
Anyone with bright ideas?