Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Configuring a DMZ zone on ASA 5505

Hi,

The scenario is to connect two networks together through a DMZ zone.

I have a Cisco ASA 5505 firewall with a LAN network of 192.168.0.0/24 and an external IP of 78.x.x.243.

I also have another network for my CCTV cameras with a LAN of 192.168.1.0/24 but without any external IP.

Now what I want is to connect my CCTV network (192.168.1.0) throught DMZ zone in order to be able to access the internet from my ASA firewall.

I would appreciate if you can post any procedure to do that on ASDM.

Thank you very much for your time

Kind Regards

Leon

3 REPLIES

Re: Configuring a DMZ zone on ASA 5505

Hi,

An ASA 5505 will support a full DMZ interface only if having the Security Plus license (sh ver)

If so.... then you can configure this interface (give it a name, security level, and IP)

Also to allow the communication you might need a NAT rule and ACLs.

If having nat-control you are required to define a NAT rule.

If going to a higher-security interface (inside) you need a static NAT and ACL permitting the traffic.

If going to a lower-security interface (outside) you need global NAT and ACL permitting the traffic (in case there's an ACL).

Federico.

New Member

Re: Configuring a DMZ zone on ASA 5505

Hi Federico and thank you for your reply.

I have the Security Plus license.

Basically, because I only have one external IP I want my CCTV network (without external IP) to be able access internet through my other network

with the external IP configured on ASA 5505.

So, I will configure the dmz interface with my CCTV inside LAN (192.168.1.0), security level, name etc.

and then I will need to create Dynamic NAT Rule or static NAT rule?

Purple

Re: Configuring a DMZ zone on ASA 5505

Hi,

If you want to connect to cctv from outside then static NAT and ACL inbound on outside

don't forget to put security level of dmz less than inside because by default same security level traffic is not permitted through.

Regards.

Don't forget to rate helpful posts.
920
Views
0
Helpful
3
Replies