Hi. You need to check that routing is working first; in other words, make sure that the VLANs know how to get to the DMZ segment and make sure the DMZ segment knows how to get to the inside VLANs. Then the only thing you need is to allow access from inside to DMZ (allowed by default if not using an access list). You also need to bypass NAT from inside to DMZ as below:
access-list nonat extended permit ip 10.101.0.0 255.255.0.0 10.200.0.0 255.255.0.0
access-list nonat extended permit ip 10.120.0.0 255.255.0.0 10.200.0.0 255.255.0.0
nat (inside) 0 access-list nonat
You might also need to bypass NAT from DMZ to inside as below:
access-list nonatDMZ extended permit ip any 10.101.0.0 255.255.0.0
access-list nonatDMZ extended permit ip any 10.120.0.0 255.255.0.0
nat (dmz) 0 access-list nonatDMZ outside
If you need traffic to be initiated from the DMZ to the inside VLANs, then you also need to specifically allow that access in an access-list applied to the DMZ interface.
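As an added illustration (not part of the answer above, and not Cisco's code), the following Python script parses the pre-8.3 style `access-list ... extended permit ip` and `nat (ifc) 0 access-list` lines quoted in the reply and checks whether a given inside/DMZ subnet pair is exempted from translation in both directions. This is a simplified model: it only handles `ip` ACEs with `any`, `host` or `network mask` operands, ignores `deny` entries and ACE order, and treats the `nat 0 access-list` binding as a pure match-or-not test, which is enough to catch the common mistake of exempting one direction but not the other. The subnets are the ones used in the reply; the sample config string is constructed here for the demonstration.

```python
import ipaddress
import re

# Constructed sample: the ASA 8.2-style NAT-exemption lines from the reply above.
ASA_CONFIG = """
access-list nonat extended permit ip 10.101.0.0 255.255.0.0 10.200.0.0 255.255.0.0
access-list nonat extended permit ip 10.120.0.0 255.255.0.0 10.200.0.0 255.255.0.0
nat (inside) 0 access-list nonat
access-list nonatDMZ extended permit ip any 10.101.0.0 255.255.0.0
access-list nonatDMZ extended permit ip any 10.120.0.0 255.255.0.0
nat (dmz) 0 access-list nonatDMZ outside
"""

# Only 'permit ip' ACEs are modelled (assumption: no deny lines, no port-level ACEs).
ACE_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(.+)$")
NAT0_RE = re.compile(r"^nat\s+\((\S+)\)\s+0\s+access-list\s+(\S+)")


def _take_addr(tokens):
    """Consume one address operand: 'any', 'host A', or 'A MASK'. Returns (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # ipaddress accepts dotted-decimal masks in the prefix position
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]


def parse_config(text):
    """Return (acls, nat0): acls maps ACL name -> [(src_net, dst_net)],
    nat0 maps interface name -> ACL name bound with 'nat (ifc) 0 access-list'."""
    acls, nat0 = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ACE_RE.match(line)
        if m:
            name, rest = m.group(1), m.group(2).split()
            src, rest = _take_addr(rest)
            dst, _ = _take_addr(rest)
            acls.setdefault(name, []).append((src, dst))
            continue
        m = NAT0_RE.match(line)
        if m:
            nat0[m.group(1)] = m.group(2)
    return acls, nat0


def is_nat_exempt(acls, nat0, ingress_ifc, src_ip, dst_ip):
    """True if a packet entering ingress_ifc from src_ip to dst_ip matches an ACE of
    the ACL bound by 'nat (ingress_ifc) 0', i.e. translation is bypassed."""
    acl = nat0.get(ingress_ifc)
    if acl is None:
        return False
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in src and d in dst for src, dst in acls.get(acl, []))


def check_bidirectional(acls, nat0, inside_ifc, inside_nets, dmz_ifc, dmz_nets):
    """List every (interface, src_subnet, dst_subnet) that is NOT exempted.
    The first usable host of each subnet is used as a representative probe."""
    gaps = []
    for inet in inside_nets:
        for dnet in dmz_nets:
            i_host = str(next(ipaddress.ip_network(inet).hosts()))
            d_host = str(next(ipaddress.ip_network(dnet).hosts()))
            if not is_nat_exempt(acls, nat0, inside_ifc, i_host, d_host):
                gaps.append((inside_ifc, inet, dnet))
            if not is_nat_exempt(acls, nat0, dmz_ifc, d_host, i_host):
                gaps.append((dmz_ifc, dnet, inet))
    return gaps


if __name__ == "__main__":
    acls, nat0 = parse_config(ASA_CONFIG)
    inside = ["10.101.0.0/16", "10.120.0.0/16"]
    dmz = ["10.200.0.0/16"]
    for gap in check_bidirectional(acls, nat0, "inside", inside, "dmz", dmz):
        print("missing NAT exemption:", gap)
    # Adding a subnet the ACLs do not cover shows the gap in both directions.
    for gap in check_bidirectional(acls, nat0, "inside", ["10.130.0.0/16"], "dmz", dmz):
        print("missing NAT exemption:", gap)
```

Run it against a `show running-config` excerpt after adding a new inside VLAN; a reported gap on the `inside` interface means the `nonat` ACL needs an entry, and a gap on `dmz` means `nonatDMZ` does.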