Mapping of public IP to private IP

Unanswered Question
Sep 10th, 2010


     I have some issues with respect to the translating of the public IP address of our webserver for ASA 5510 ver 8.0.  The public IP address of our appserver is and it is mapped to a dmz address of  Now the problem here is I can't access the appserver couldn't be accessed both from the LAN and the outside.  I believe that normally the outside couldn't pass through the dmz since it is going from a lower security level to a higher one and yet why couldn't I access the dmz zone from the Local Area Network?  (See attached network diagram)

     I have issued already a static command: static (dmz,outside) netmask  I have also created an access-list in which it could permit traffic from the outside interface into the dmz interface.  Now, one of the problems that I see is this... our ISP have issued us another range of public IP address that we can use and one of it is issued on the outside interface of ASA:  Will this be one of the possible reasons in which the we couldn't access the appserver from the outside interface?

     What configuration did I miss? Can you help me on this?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Fri, 09/10/2010 - 07:08

Your static is the wrong way round ie. you have -

static (dmz,outside) netmask

it should be

static (dmz,outside) netmask

you need to allow access in the acl to the public address of



This Discussion