DMZ Zone

saroj pradhan
Level 1

Hi,

Please advise the command to configure a DMZ zone in the Cisco ASA 5510 firewall.

I already have inside and outside interfaces. All the users need to access the servers in the DMZ zone, and from the internet as well.

All the servers in the DMZ are configured with public IP addresses.

Please advise.

Regards,

Saroj

1 Reply

Assuming you are running 8.3+, you need:

  • An ACL on the outside interface allowing the needed traffic (example for allowing web traffic to your DMZ host with IP 1.2.3.4):

access-list OUTSIDE-IN permit tcp any host 1.2.3.4 eq 80

  • If your NAT for internal clients is set up correctly and there is no ACL on the inside interface, you are good to go. If you have an ACL on the inside, then you also need an entry to allow the traffic. That could look like the following if you want to allow all traffic from inside to the DMZ:

access-list INSIDE-IN permit ip any 1.2.3.0 255.255.255.0
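The reply's two ACL entries placed in a complete DMZ setup, as an added example that is not part of the original reply. The port Ethernet0/2, the gateway address 1.2.3.1, security level 50 and the test source 198.51.100.10 are assumptions; 1.2.3.4 and 1.2.3.0/24 are the sample addresses used in the reply.

```cisco
! Added example for ASA 8.3+. Interface number, gateway address and
! security level are assumptions; adjust them to the real cabling.
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 1.2.3.1 255.255.255.0
 no shutdown
!
! Internet -> DMZ: publish only the service that is needed.
! The implicit deny at the end of the ACL drops everything else.
access-list OUTSIDE-IN extended permit tcp any host 1.2.3.4 eq 80
access-group OUTSIDE-IN in interface outside
!
! Inside -> DMZ: inside (100) to dmz (50) is permitted by default.
! The two lines below are needed only when an ACL is already bound to
! inside. Once an ACL is bound there, its implicit deny also applies to
! inside -> internet traffic, so that traffic needs its own permit
! entries in the same ACL.
access-list INSIDE-IN extended permit ip any 1.2.3.0 255.255.255.0
access-group INSIDE-IN in interface inside
!
! DMZ -> inside: denied by default (lower to higher security level).
! Leave it that way so a compromised DMZ server cannot reach the LAN;
! add host- and port-specific permits only where a server needs a
! backend on the inside.
!
! Checks after applying the configuration:
! an ACL that is not bound with access-group filters nothing
show running-config access-group
! per-entry hit counts
show access-list OUTSIDE-IN
! should end in ALLOW (published service)
packet-tracer input outside tcp 198.51.100.10 12345 1.2.3.4 80
! should end in DROP (port not published)
packet-tracer input outside tcp 198.51.100.10 12345 1.2.3.4 22
```

Because the DMZ servers carry public addresses, no NAT rule is needed for them, but the upstream router must route 1.2.3.0/24 toward the ASA outside interface.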
