Cisco Support Community

Accessing DMZ from Inside -- No NAT

I'm trying to configure my ASA 5510 so that I can access servers in the DMZ (security-level 50) from machines on my inside network (security-level 100) and vice versa.

The machines in the DMZ are on the 10.1.2.0/24 subnet and the inside machines are on 10.1.1.0/24. I don't need NAT since there's no addressing conflict.

I tried two approaches:

access-list inside_dmz extended permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0

nat (inside) 0 access-list inside_dmz

and

static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0 0 0

The second method works; the first doesn't. What am I missing here? Why doesn't the first method work?

2 REPLIES

Re: Accessing DMZ from Inside -- No NAT

That should work fine either way. When you did "nat (inside) 0 etc." were you going from inside to dmz? Any logs on the ASA when it failed?


Re: Accessing DMZ from Inside -- No NAT

It doesn't work in either direction. Nothing notable in the ASA logs either.
