Cisco Support Community

New Member

DMZ to Internal Network?

Hey guys

I have 3 nets - an outside/29, an inside 10.0.0.1/24, and a DMZ 10.1.0.1/24. I would like a few servers in the DMZ to be able to talk to a few servers on the inside net, just a few ports. What is the correct way to establish this?

Thanks,

Dan

4 REPLIES
Gold

Re: DMZ to Internal Network?

enable static commands as follows:

static (inside,dmz) 10.0.0.50 10.0.0.50

enable access-list on dmz interface:

access-list dmz_acl permit tcp host 10.1.0.5 host 10.0.0.50 eq 80

access-group dmz_acl in interface dmz

this is an example to enable dmz host at 10.1.0.5 to access 10.0.0.50 on the inside on tcp port 80.

Green

Re: DMZ to Internal Network?

Something like this will do the trick. Obviously the permit statements in the acl would be whatever you needed, I just used an example to allow the dmz to 3 inside hosts.

static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.255.255.0

access-list dmz permit ip any host 10.0.0.1

access-list dmz permit ip any host 10.0.0.2

access-list dmz permit ip any host 10.0.0.3

access-list dmz deny ip any 10.0.0.0 255.255.255.0

access-list dmz permit ip any any

access-group dmz in interface DMZ

The last 2 lines in the acl are important if you want the DMZ to be able to access the outside.

Please rate helpful posts.

New Member

Re: DMZ to Internal Network?

Awesome guys, thanks for the quick response!

Gold

Re: DMZ to Internal Network?

oh yeah, don't forget those last two lines of acomiskey's config...VERY important. *slaps self for forgetting them*

these configs also assume nat-control is configured btw, if you're running 7.x.
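
Added example, not written by any poster in this thread: a small Python model of first-match ACL evaluation, run over the two ACLs posted above to show which constructed sample flows each one lets through. The tuple layout, function names and sample flows (including the documentation address 203.0.113.10) are assumptions for illustration; the model covers only protocol, source, destination and destination port.

```python
import ipaddress

# ACL from the second reply as (action, protocol, src, dst, dst_port).
# "any" is written 0.0.0.0/0; dst_port None means the entry matches every port.
DMZ_ACL = [
    ("permit", "ip", "0.0.0.0/0", "10.0.0.1/32", None),
    ("permit", "ip", "0.0.0.0/0", "10.0.0.2/32", None),
    ("permit", "ip", "0.0.0.0/0", "10.0.0.3/32", None),
    ("deny",   "ip", "0.0.0.0/0", "10.0.0.0/24", None),
    ("permit", "ip", "0.0.0.0/0", "0.0.0.0/0",   None),
]

# Single entry from the first reply: one DMZ host, one inside host, one port.
NARROW_ACL = [
    ("permit", "tcp", "10.1.0.5/32", "10.0.0.50/32", 80),
]

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry, else the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if s not in ipaddress.ip_network(a_src):
            continue
        if d not in ipaddress.ip_network(a_dst):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"  # an ACL ends with an implicit deny

# Constructed sample flows arriving on the dmz interface.
FLOWS = [
    ("tcp", "10.1.0.5", "10.0.0.1", 80),       # DMZ -> permitted inside host
    ("tcp", "10.1.0.5", "10.0.0.1", 3389),     # same host, a port nobody asked for
    ("tcp", "10.1.0.5", "10.0.0.50", 80),      # the first reply's example flow
    ("tcp", "10.1.0.5", "203.0.113.10", 443),  # DMZ -> outside
]

def audit(acl):
    """Verdict for each sample flow, in FLOWS order."""
    return [evaluate(acl, *flow) for flow in FLOWS]

if __name__ == "__main__":
    for name, acl in (("dmz", DMZ_ACL), ("dmz_acl", NARROW_ACL)):
        for flow, verdict in zip(FLOWS, audit(acl)):
            print(name, flow, verdict)
```

The `permit ip any host` entries admit every port to those inside hosts, while the `permit tcp ... eq 80` form admits only the listed service. Dropping the last two entries of the second ACL sends DMZ-to-outside traffic to the implicit deny.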
