Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ASA 7.0

I had a post with a 6.3(4) referring to the same issue, so now Ive treid the same with an ASA.

My config:

int inside

security 100

ip add 172.20.1.1

int out

security 0

ip add 10.10.10.1

int dmz

192.168.4.1

security 20

nat (dmz) 1 192.168.4.0 255.255.255.0

global (inside) 1 interface

nat (inside) 2 172.20.1.0 255.255.255.0

global (outside) 2 10.10.10.2

ACL's on inside and dmz permit ip any any and permit icmp any any

I want to be able to access inside&outside and I cant.Only one works at a time: either from dmz to inside or dmz from outside, depending on how you play with the NAT.

Thanks,

Vlad

PS: Static is out of question as I have around 20-25 networks on the inside to be accessed from the dmz.

1 REPLY
Bronze

Re: ASA 7.0

I am not sure I understand this but I am assuming you want your internal users and dmz users to access the Internet. I think for that all you need is:

nat (inside) 1 172.20.1.0 255.255.255.0

nat (dmz) 1 192.168.4.0 255.255.255.0

global (outside) 1 interface

global (dmz) 1 interface

I also don't know why you would like DMZ devices to access the internal network but for that you will need to apply an ACL to dmz interface

104
Views
0
Helpful
1
Replies
CreatePlease to create content