Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

DMZ and Inside problems with NAT

Hi all,

I have a ASA5510 with outside public IP, DMZ public network (x.x.x.64/29) and inside private (192.168.2.0/24) and I want to give access from the outside to the inside using an IP address from the DMZ.

The idea is to have a www.test.com pointing to x.x.x.65 (it's not the IP of the interface) but I don't have a server in the DMZ, I only have a server inside (192.168.2.10).

How can I do this?

Best regards for all.

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: DMZ and Inside problems with NAT

Does this work...

static (inside,outside) x.x.x.65 192.168.2.10 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host x.x.x.65 eq www

access-group outside_access_in in interface outside

3 REPLIES
Green

Re: DMZ and Inside problems with NAT

Does this work...

static (inside,outside) x.x.x.65 192.168.2.10 netmask 255.255.255.255

access-list outside_access_in extended permit tcp any host x.x.x.65 eq www

access-group outside_access_in in interface outside

New Member

Re: DMZ and Inside problems with NAT

My config:

interface Ethernet0/0

nameif Inside

security-level 100

ip address 192.168.2.2 255.255.255.0

!

interface Ethernet0/1

nameif DMZ

security-level 50

ip address x.x.x.70 255.255.255.248

!

interface Ethernet0/2

nameif Outside

security-level 0

ip address 192.168.10.2 255.255.255.0

!

access-list Outside_nat0_inbound extended permit ip any x.x.x.64 255.255.255.248

access-list Outside_access_in extended permit ip any host x.x.x.69

access-list DMZ_access_in extended permit ip host x.x.x.69 host 192.168.2.15

!

nat (Outside) 0 access-list Outside_nat0_inbound outside

static (Inside,DMZ) x.x.x.69 192.168.2.15 netmask 255.255.255.255

access-group Inside_access_in in interface Inside

access-group DMZ_access_in in interface DMZ

access-group Outside_access_in in interface Outside

This is the relevant config.

Regards

Green

Re: DMZ and Inside problems with NAT

Did you try my posted suggestion above?

102
Views
0
Helpful
3
Replies