Cisco Support Community

DMZ access in to inside (primary and backup) mapping

Dear all experts,

I would like to ask you a question, and at the same time I have an issue too. I have an ASA5510 with Inside, Outside and DMZ interfaces. On Inside I have two servers (primary and backup), so I want to allow some ports from DMZ to inside (I mean I want to allow port 1441 to both the primary and backup on inside). Could you let me know how I can configure this on the ASA? Normally I can configure only one server on inside, but we have two servers and allow the same port and the same DMZ, and the command is not allowed. Please help me to solve this issue. Please see the attached file.

Best Regards,

Join

1 REPLY

Re: DMZ access in to inside (primary and backup) mapping

Join,

Looking at the net diagram, you should be able to accomplish your requirements in a couple of ways. You could either create a nonat exempt ACL, create a NAT exempt rule nat (inside) 0 between the two interfaces and apply a nonat ACL there permitting ip.

Or just simply go this way, below.

static (inside,DMZ) 192.168.2.1 192.168.2.1 netmask 255.255.255.255

static (inside,DMZ) 192.168.2.2 192.168.2.2 netmask 255.255.255.255

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 80

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 1441

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 1442

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 80

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 1441

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 1442

access-group DMZ_access_in in interface DMZ

B.Regards
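A short audit of the configuration in the reply above, added here as an example and not part of the original thread: it expands the ACL into flows and checks that every rule is host-to-host on a single port, is bound to an interface, and targets a server that has a matching identity `static`. The function name `audit` and the assumption that every permitted destination sits behind the `inside` interface are this example's own.

```python
import re

# Configuration lines copied from the reply above, used as sample input.
CONFIG = """\
static (inside,DMZ) 192.168.2.1 192.168.2.1 netmask 255.255.255.255
static (inside,DMZ) 192.168.2.2 192.168.2.2 netmask 255.255.255.255
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 80
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 1441
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 1442
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 80
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 1441
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 1442
access-group DMZ_access_in in interface DMZ
"""

# static (real_if,mapped_if) mapped_ip real_ip netmask <host mask>
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask 255\.255\.255\.255$")
ACE_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) host (\S+) host (\S+) eq (\d+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)$")


def audit(config):
    """Return (flows, findings) for a static/access-list snippet like the reply's."""
    statics, flows, bound, findings = set(), [], {}, []
    for line in filter(None, map(str.strip, config.splitlines())):
        if m := STATIC_RE.match(line):
            real_if, mapped_if, mapped, real = m.groups()
            if mapped == real:  # identity translation, as used in the reply
                statics.add((real_if, mapped_if, real))
        elif m := ACE_RE.match(line):
            acl, proto, src, dst, port = m.groups()
            flows.append((acl, proto, src, dst, int(port)))
        elif m := GROUP_RE.match(line):
            bound[m.group(1)] = m.group(2)
        elif line.startswith("access-list"):
            # Anything that is not host-to-host with one port is flagged for review.
            findings.append("broad or unparsed ACE: " + line)
    for acl, proto, src, dst, port in flows:
        iface = bound.get(acl)
        if iface is None:
            findings.append(f"{acl} is not applied to any interface")
        elif ("inside", iface, dst) not in statics:  # assumes dst is on inside
            findings.append(f"{dst} has no static (inside,{iface}) entry")
    return flows, sorted(set(findings))
```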
