×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.
Federico Coto F... Tue, 12/21/2010 - 11:10
User Badges:
  • Green, 3000 points or more

Hi,


To allow communication from inside to DMZ in this case you use static for the translation:


static (inside,dmz) inside inside netmask 255.255.0.0


And allow the traffic on the ACL:


access-list inside-outbound extended permit tcp any host sftp eq 3389


So, it seems you have the configuration...

If it does not work do the following test:


packet-tracer input inside tcp 1.1.1.1 1025 2.2.2.2 3389


The above will show us if the packets are being dropped by the ASA for some reason.

Assuming 1.1.1.1 is the real IP of the inside host accesing the DMZ host 2.2.2.2


Federico.



Actions

This Discussion

Related Content