
New Member

Allowing DMZ host to contact Internal DNS

I can ping, but not resolve names of hosts inside the firewall. I have the following settings:

10.0.0.0/16 Internal

172.16.110.0/24 DMZ

static (Internal,DMZ) 10.0.0.0 10.0.0.0 netmask 255.255.0.0

access-list DMZ extended permit tcp host 172.16.110.10 host 10.0.22.205 object-group DNS

access-list DMZ extended permit tcp host 172.16.110.10 host 10.0.22.206 object-group DNS

Can someone please point me in the right direction?

Thanks

2 REPLIES
Green

Re: Allowing DMZ host to contact Internal DNS

Did you add udp as well?

Is the ACL applied (access-group DMZ in interface DMZ)?

New Member

Re: Allowing DMZ host to contact Internal DNS

Yes. For some reason, I made a tcp group with port 53 tcp/udp and when I took the tcp out of the group, it works.
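
The check suggested in the first reply ("Did you add udp as well?") can be automated. The following is an added example, not part of the original thread: it scans ASA access-list entries of the form quoted in the question and reports flows that permit the DNS object-group over tcp with no matching udp (or ip) entry. The function name `missing_udp_dns` and the third sample line are assumptions made for illustration.

```python
import re

# Matches ASA extended ACL entries of the form used in the question:
# access-list NAME extended permit PROTO host SRC host DST object-group GROUP
ACL_RE = re.compile(
    r"^access-list\s+(?P<acl>\S+)\s+extended\s+permit\s+(?P<proto>\S+)\s+"
    r"host\s+(?P<src>\S+)\s+host\s+(?P<dst>\S+)\s+object-group\s+(?P<group>\S+)\s*$"
)


def missing_udp_dns(config_text, dns_group="DNS"):
    """Return sorted (acl, src, dst) flows permitting dns_group over tcp but not udp.

    DNS lookups normally travel over udp/53; tcp/53 is used for large
    responses and zone transfers, so a tcp-only rule breaks name resolution.
    (Hypothetical helper written for this example.)
    """
    protos = {}
    for line in config_text.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m.group("group") != dns_group:
            continue
        key = (m.group("acl"), m.group("src"), m.group("dst"))
        protos.setdefault(key, set()).add(m.group("proto").lower())
    # "ip" covers both tcp and udp, so such a flow is not reported
    return sorted(
        key for key, p in protos.items()
        if "tcp" in p and not ({"udp", "ip"} & p)
    )


# First two lines are the entries from the question; the third is a
# constructed udp entry added here for contrast.
SAMPLE = """\
access-list DMZ extended permit tcp host 172.16.110.10 host 10.0.22.205 object-group DNS
access-list DMZ extended permit tcp host 172.16.110.10 host 10.0.22.206 object-group DNS
access-list DMZ extended permit udp host 172.16.110.10 host 10.0.22.206 object-group DNS
"""

if __name__ == "__main__":
    for acl, src, dst in missing_udp_dns(SAMPLE):
        print(f"{acl}: {src} -> {dst} permits {'DNS'} over tcp only (no udp entry)")
```
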
