
Cisco ASA 8.2 DMZ

sanalbabu
Level 1

Hi,

 

I would like to create a DMZ zone in my ASA firewall. I need to publish three web servers in the DMZ which need to be accessed from the internet and by inside users.

 

I have 3 public IPs for the 3 web servers. I would like to do NAT as well. Please see the subnets which I have allocated for the zones.

 

Inside: 192.168.1.0/24

Outside: x.x.x.0

DMZ: 192.168.10.0/24

 

Internal IPs of the DMZ servers are 192.168.10.11, 12 & 13

 

Request your help to achieve this connectivity.

 

1 Reply

First you need your static NAT-statements:

static (DMZ,outside) PUBLIC-IP1 192.168.10.11 netmask 255.255.255.255 
static (DMZ,outside) PUBLIC-IP2 192.168.10.12 netmask 255.255.255.255 
static (DMZ,outside) PUBLIC-IP3 192.168.10.13 netmask 255.255.255.255 

Next you have to allow the needed traffic with access-control (as an example with HTTP, SMTP and HTTPS on the three servers):

access-list OUTSIDE-IN extended permit tcp any host PUBLIC-IP1 eq 80
access-list OUTSIDE-IN extended permit tcp any host PUBLIC-IP2 eq 25
access-list OUTSIDE-IN extended permit tcp any host PUBLIC-IP3 eq 443
access-group OUTSIDE-IN in interface outside
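
An added example, not part of the reply above: a small Python check that pairs each permit in the ACL bound to the outside interface with its static NAT line, so you can see which DMZ host and port each rule actually exposes (on 8.2 the outside ACL references the mapped public address, as in the reply). The PUBLIC-IP4 line and the function and variable names are constructed for illustration.

```python
import re

# Constructed sample: the reply's ASA 8.2 lines, with the page's PUBLIC-IPn
# placeholders kept, plus one extra permit (PUBLIC-IP4) to show a finding.
SAMPLE = """\
static (DMZ,outside) PUBLIC-IP1 192.168.10.11 netmask 255.255.255.255
static (DMZ,outside) PUBLIC-IP2 192.168.10.12 netmask 255.255.255.255
static (DMZ,outside) PUBLIC-IP3 192.168.10.13 netmask 255.255.255.255
access-list OUTSIDE-IN extended permit tcp any host PUBLIC-IP1 eq 80
access-list OUTSIDE-IN extended permit tcp any host PUBLIC-IP2 eq 25
access-list OUTSIDE-IN extended permit tcp any host PUBLIC-IP3 eq 443
access-list OUTSIDE-IN extended permit tcp any host PUBLIC-IP4 eq 22
access-group OUTSIDE-IN in interface outside
"""

STATIC = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask 255\.255\.255\.255\s*$")
PERMIT = re.compile(r"^access-list (\S+) extended permit tcp any host (\S+) eq (\S+)\s*$")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)\s*$")

def audit(config, iface="outside"):
    """Return (exposed, findings) for ACLs applied inbound on `iface`."""
    statics, permits, bound = {}, [], set()
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            real_if, mapped_if, mapped, real = m.groups()
            if mapped_if == iface:
                statics[mapped] = (real_if, real)  # public address -> DMZ host
        elif m := PERMIT.match(line):
            permits.append(m.groups())
        elif m := GROUP.match(line):
            if m.group(2) == iface:
                bound.add(m.group(1))
    exposed, findings, used = [], [], set()
    for acl, mapped, port in permits:
        if acl not in bound:
            findings.append(f"ACL {acl} is not applied to {iface}: {mapped}:{port} has no effect")
        elif mapped in statics:
            exposed.append((mapped, *statics[mapped], port))
            used.add(mapped)
        else:
            findings.append(f"permit to {mapped}:{port} has no static NAT")
    findings += [f"static for {m} has no permit" for m in statics if m not in used]
    return exposed, findings

if __name__ == "__main__":
    exposed, findings = audit(SAMPLE)
    print(*exposed, *findings, sep="\n")
```

It only understands the three line shapes used in the reply (host statics, `permit tcp any host ... eq ...`, and inbound `access-group`); other rule forms are ignored.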

 

 

 

 
