First time poster so please go easy... I'm having what I think is an issue with my ASA config. I'm trying to add a DMZ and it's not working.
My network is somewhat unique in that I have a requirement to use all public IPs for all interfaces, so no private internal addresses on the interface side. I have both static and nat 0 items and I'm afraid this may be my problem. I'm not sure if this is correct. To add to the mix of interesting things, I am setting the new interface for the DMZ up using a sub-interface for the first time. I don't have access into the 6500 that feeds the DMZ VLAN, but I am told the port is in trunk mode with the VLAN in question not set to the native VLAN. I am setting it up this way as I will need to add some additional networks in the near future, which this will allow me to do.
Here are the basics of my config. I'm leaving out ACLs at this time for simplicity. IPs are changed; all interfaces use public IPs. The RFC 1918 networks you see are for a few L2L tunnels I have. It is in routed mode. I can post the whole thing if needed.
ip address 188.8.131.52 255.255.255.224
ip address 184.108.40.206 255.255.254.0
no ip address
description VLAN 22 DMZ network
ip address 220.127.116.11 255.255.255.224
access-list inside_nat0_outbound extended permit ip any 18.104.22.168 255.255.255.224
access-list inside_nat0_outbound extended permit ip 22.214.171.124 255.255.254.0 126.96.36.199 255.255.254.0
access-list inside_nat0_outbound extended permit ip 188.8.131.52 255.255.254.0 172.16.170.144 255.255.255.240
access-list inside_nat0_outbound extended permit ip host 184.108.40.206 220.127.116.11 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 10.10.24.0 255.255.255.128
access-list dmz_nat0_outbound extended permit ip 18.104.22.168 255.255.255.224 22.214.171.124 255.255.255.224
The inside interface works no problem. The DMZ interface, however, doesn't seem to have any traffic when I show int DMZ. I have a box in that network. I try to go out to the outside and nothing works. I try to go from inside to DMZ, nothing. Part of me wonders if the 6500 is configured correctly, but everything I'm told says it is. I can't help but think my nat statements are messed up.
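A small offline check, added here and not part of the original post: it parses the nat0 access-list lines in the form quoted above (ASA `extended permit ip` entries with `any`, `host A` or `A MASK` address specs, subnet masks rather than wildcard masks) and reports which entry, if any, exempts a given flow from translation. The addresses are the ones as posted; the test hosts inside the DMZ /27 and inside /23 ranges and the 203.0.113.5 outside address are constructed.

```python
import ipaddress

# Constructed sample: the nat0 access-list lines quoted in the post (addresses as posted).
ASA_ACL_LINES = """
access-list inside_nat0_outbound extended permit ip any 18.104.22.168 255.255.255.224
access-list inside_nat0_outbound extended permit ip 22.214.171.124 255.255.254.0 126.96.36.199 255.255.254.0
access-list inside_nat0_outbound extended permit ip host 184.108.40.206 220.127.116.11 255.255.255.240
access-list dmz_nat0_outbound extended permit ip 18.104.22.168 255.255.255.224 22.214.171.124 255.255.255.224
"""

def _take_net(tokens):
    """Consume one ASA address spec (any | host A | A MASK); return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]
    # ASA ACLs use real subnet masks (not wildcard masks); strict=False tolerates host bits.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_acls(text):
    """Return {acl_name: [(src_net, dst_net), ...]} from 'extended permit ip' lines."""
    acls = {}
    for line in text.splitlines():
        t = line.split()
        if len(t) < 7 or t[0] != "access-list" or t[2:5] != ["extended", "permit", "ip"]:
            continue  # ignore anything that is not an extended permit ip entry
        src, rest = _take_net(t[5:])
        dst, _ = _take_net(rest)
        acls.setdefault(t[1], []).append((src, dst))
    return acls

def exempt_entry(acls, acl_name, src_ip, dst_ip):
    """Return the (src_net, dst_net) entry of acl_name that matches the flow, or None.

    None means the flow is not NAT-exempt by that list, so it would depend on
    some other translation rule (static / nat+global) to be forwarded.
    """
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net in acls.get(acl_name, []):
        if s in src_net and d in dst_net:
            return (src_net, dst_net)
    return None

if __name__ == "__main__":
    acls = parse_acls(ASA_ACL_LINES)
    # Constructed hosts: one inside the DMZ /27, one inside the inside /23, one outside.
    print(exempt_entry(acls, "inside_nat0_outbound", "22.214.171.100", "18.104.22.170"))
    print(exempt_entry(acls, "dmz_nat0_outbound", "18.104.22.170", "22.214.171.100"))
    print(exempt_entry(acls, "dmz_nat0_outbound", "18.104.22.170", "203.0.113.5"))
```

Running the check in both directions for each host pair you are testing shows which flows each nat0 list actually exempts, which is the first thing to confirm before suspecting the upstream trunk.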