
ASA 5510: Want to have traffic between Web, DMZ and Inside Network

I've attached a clean copy of my config.

I've used the 172.x.x.x and 192.x.x.x to limit visibility.

I'm trying to allow typical traffic from the inside network to the DMZ, traffic from the Web sites to the DMZ, and traffic out of the DMZ to both Internal and Web.

My only success appears to be able to browse the Internet/Web from both the DMZ servers and the Inside network.

I'm trying to map traffic from

172.16.1.8 --->192.168.0.8 Inside

172.16.1.24 --->192.168.0.24 Inside DNS

172.16.1.207 --->192.168.154.7 DMZ

172.16.1.135 --->192.168.154.6 DMZ http, domain(DNS)

--->192.168.0.4 Inside https, smtp

172.16.1.136 --->192.154.6 DMZ http,https

Config is working on an old Netscreen 10.

Any help is appreciated.

4 REPLIES

Re: ASA 5510: Want to have traffic between Web, DMZ and Inside N

172.16.1.135 --->192.168.154.6 DMZ http, domain(DNS)

172.16.1.135--->192.168.0.4 Inside https, smtp

This one doesn't allow NAT of more than one of the same host IP.


Re: ASA 5510: Want to have traffic between Web, DMZ and Inside N

I have updated my configuration.

I question whether or not the outside NAT rules would conflict with the inside and DMZ rules.

I figure one way to overcome the access barrier between the DMZ and Inside is to set the security level of the interfaces to the same level and enable the same level checkbox.

I'd rather keep the interfaces on different levels.

Can anyone confirm a problem with my configuration/rules?

I have used http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5500/quick/guide/dmz.html

(I've tried adding the 10.10.10.0.. static rule without success. I suspect something is missing here, as this document hides details in the screenshots.)


Re: ASA 5510: Want to have traffic between Web, DMZ and Inside N

Could the LAN to DMZ traffic be a license issue?


Re: ASA 5510: Want to have traffic between Web, DMZ and Inside N

You need an access-list applied to the DMZ interface inbound to allow DMZ-to-inside traffic.
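Putting the last reply together with the mappings in the original post, here is an added example (not the poster's attached config, which is not visible in this thread) of how the NAT and ACL pieces fit on a pre-8.3 ASA, using the guide's static/global/nat syntax. It assumes the interfaces are named outside, inside and dmz, and that the DMZ web server needs only DNS on 192.168.0.24 and SMTP on 192.168.0.4 from the inside; the services behind 172.16.1.8, .24 and .207 are not listed in the post, so no outside ACL lines are shown for them.

```text
! Assumed interface names: outside, inside, dmz (poster's config not shown here).
! Pre-8.3 syntax (static/global/nat) as in the linked ASA 8.0 DMZ guide;
! on 8.3+ the same design uses object NAT and the ACLs match real addresses.

! Outbound PAT: the part that already works for both inside and DMZ
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0
nat (dmz) 1 192.168.154.0 255.255.255.0

! One-to-one statics for hosts that get their own public address
static (inside,outside) 172.16.1.8   192.168.0.8   netmask 255.255.255.255
static (inside,outside) 172.16.1.24  192.168.0.24  netmask 255.255.255.255
static (dmz,outside)    172.16.1.207 192.168.154.7 netmask 255.255.255.255
static (dmz,outside)    172.16.1.136 192.168.154.6 netmask 255.255.255.255

! 172.16.1.135 fronts two real servers: split it per port (static PAT)
! rather than two host-level statics for the same public address
static (dmz,outside)    tcp 172.16.1.135 www    192.168.154.6 www    netmask 255.255.255.255
static (dmz,outside)    udp 172.16.1.135 domain 192.168.154.6 domain netmask 255.255.255.255
static (inside,outside) tcp 172.16.1.135 https  192.168.0.4   https  netmask 255.255.255.255
static (inside,outside) tcp 172.16.1.135 smtp   192.168.0.4   smtp   netmask 255.255.255.255

! Identity static between inside and DMZ (the "10.10.10.0" rule in the guide):
! required for inside<->DMZ flows when nat-control is enabled, harmless otherwise
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

! DMZ (lower security) -> inside (higher) is denied until an ACL permits it.
! Permit only the flows the DMZ servers need (assumed), then block the rest of
! inside before the catch-all that keeps DMZ -> Internet working.
access-list dmz_in extended permit udp host 192.168.154.6 host 192.168.0.24 eq domain
access-list dmz_in extended permit tcp host 192.168.154.6 host 192.168.0.4 eq smtp
access-list dmz_in extended deny   ip  192.168.154.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list dmz_in extended permit ip  192.168.154.0 255.255.255.0 any
access-group dmz_in in interface dmz

! Outside ACL (pre-8.3: match the translated public addresses, not the real ones)
access-list outside_in extended permit tcp any host 172.16.1.135 eq www
access-list outside_in extended permit udp any host 172.16.1.135 eq domain
access-list outside_in extended permit tcp any host 172.16.1.135 eq https
access-list outside_in extended permit tcp any host 172.16.1.135 eq smtp
access-list outside_in extended permit tcp any host 172.16.1.136 eq www
access-list outside_in extended permit tcp any host 172.16.1.136 eq https
access-group outside_in in interface outside
```

Keeping the interfaces at different security levels and opening DMZ-to-inside per host and port in dmz_in gives the same reachability the poster wants without the same-security-level workaround, and `show xlate` plus `packet-tracer input dmz udp 192.168.154.6 1024 192.168.0.24 53` will show which translation and ACL line a flow hits.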
