06-07-2007 05:32 PM - edited 03-11-2019 03:26 AM
Hi,
I am trying to set up a Cisco ASA firewall. I have attached a diagram of what it needs to do.
I have managed to get the NAT/PAT (many inside to one outside address) traversals to work on the ASA, but I am running into a problem with getting the DMZs set up. I want to have a public DMZ, which has a public subnet inside, and a private DMZ, which has inside addresses. I want to be able to route the public address space across the ASA, between the E0 and E1 interfaces, and be able to let network traffic, between the inside network and the inside DMZ to pass freely.
My problem is that I can't seem to get the routing between the interfaces to work.
Maybe someone here could provide me with a configuration example of allowing the network traffic to traverse those interfaces as described.
The security levels have been set as per the documentation, where the outside interface is 0, the outside-dmz interface is 10, and the inside-dmz and inside interfaces are 100.
There should be no NAT-ing occurring between any of the interfaces, except between the "inside" network interface and the "outside" network interface.
Please let me know.
Thanks,
S.
06-08-2007 09:26 AM
"be able to let network traffic, between the inside network and the inside DMZ to pass freely."
For that you would need something like this:
static (inside,INSIDE-DMZ) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
Does that help?
Also, to initiate from the INSIDE-DMZ to the inside, you would need to have an ACL on interface INSIDE-DMZ.
"to be able to route the public address space across the ASA, between the E0 and E1 interfaces"
Try this...
static (OUTSIDE-DMZ,outside) 72.13.113.0 72.13.113.0 netmask 255.255.255.128
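An added example, not part of either post: a small Python check that parses pre-8.3 `static` statements like the two above and confirms each one is an identity translation (mapped network equals real network), which is what the "no NAT except inside to outside" requirement calls for. The function name, the allowed-pair parameter and the last two sample lines are assumptions constructed for illustration; only statics with an explicit `netmask` are handled.

```python
import ipaddress
import re

# Pre-8.3 ASA syntax as used in the thread:
#   static (real_if,mapped_if) mapped_ip real_ip netmask mask
# Statements without an explicit netmask are not handled here.
STATIC_RE = re.compile(
    r"^static \((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?P<mapped>\d+\.\d+\.\d+\.\d+)\s+(?P<real>\d+\.\d+\.\d+\.\d+)"
    r"\s+netmask\s+(?P<mask>\d+\.\d+\.\d+\.\d+)\s*$"
)

# First two lines are the statics from the thread; the last two are
# constructed: a real translation and a network/netmask mismatch.
SAMPLE_CONFIG = """\
static (inside,INSIDE-DMZ) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (OUTSIDE-DMZ,outside) 72.13.113.0 72.13.113.0 netmask 255.255.255.128
static (inside,INSIDE-DMZ) 10.99.0.0 192.168.100.0 netmask 255.255.255.0
static (OUTSIDE-DMZ,outside) 72.13.113.64 72.13.113.64 netmask 255.255.255.128
"""

def audit_statics(config, translate_ok=(("inside", "outside"),)):
    """Return (line_no, verdict, detail) for every static statement found."""
    allowed = {(a.lower(), b.lower()) for a, b in translate_ok}
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        pair = (m["real_if"].lower(), m["mapped_if"].lower())
        try:
            # strict parsing rejects addresses with host bits set
            real = ipaddress.ip_network(f"{m['real']}/{m['mask']}")
            mapped = ipaddress.ip_network(f"{m['mapped']}/{m['mask']}")
        except ValueError as exc:
            findings.append((no, "invalid", str(exc)))
            continue
        if real == mapped:
            detail = f"{real} unchanged {pair[0]}->{pair[1]}"
            findings.append((no, "identity", detail))
        elif pair in allowed:
            findings.append((no, "translated-allowed", f"{real} -> {mapped}"))
        else:
            detail = f"{real} -> {mapped} on {pair[0]}->{pair[1]}"
            findings.append((no, "policy-violation", detail))
    return findings

if __name__ == "__main__":
    for finding in audit_statics(SAMPLE_CONFIG):
        print(finding)
```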