Cisco Support Community
New Member

DMZ Zone

Hi,

 

Please advise the command to configure a DMZ zone in the Cisco ASA 5510 firewall.

I already have inside and outside interfaces. All the users need to access the servers in the DMZ zone, and from the internet as well.

All the servers in the DMZ are configured with public IP addresses.

Please advise.

Regards,

Saroj

1 REPLY
VIP Purple

Assuming you are running 8.3+, you need:

  • An ACL on the outside interface allowing the needed traffic (example for allowing Web-traffic to your DMZ-host with IP 1.2.3.4):

access-list OUTSIDE-IN permit tcp any host 1.2.3.4 eq 80

  • If your NAT for internal clients is set up correctly and there is no ACL on the inside interface, you are good to go. If you have an ACL on the inside, then you also need an entry to allow the traffic. That could look like the following if you want to allow all traffic from inside to the DMZ:

access-list INSIDE-IN permit ip any 1.2.3.0 255.255.255.0

 


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
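
Added example, not part of the reply above: a minimal ASA 8.3+ sketch that puts the reply's ACL entry in context by defining the DMZ interface and binding the ACL to the outside interface. The physical port (Ethernet0/2), the interface name dmz, the gateway address 1.2.3.1, the security level 50 and the test source 198.51.100.10 are assumptions; it also assumes the 1.2.3.0/24 block is routed to the firewall so the DMZ hosts need no NAT.

```cisco
! Assumed port and addressing; adjust to the real DMZ segment.
interface Ethernet0/2
 nameif dmz
 ! Between inside (100) and outside (0): inside hosts can open
 ! connections to the DMZ by default, DMZ hosts cannot open
 ! connections to inside unless an ACL permits it.
 security-level 50
 ip address 1.2.3.1 255.255.255.0
 no shutdown
!
! Permit only the published service, per server and per port.
access-list OUTSIDE-IN extended permit tcp any host 1.2.3.4 eq 80
! An ACL has no effect until it is bound to an interface.
access-group OUTSIDE-IN in interface outside
!
! No inside ACL is defined here. If one is already applied to the
! inside interface, add the reply's INSIDE-IN entry to it; binding a
! new ACL containing only that entry would drop all other inside
! traffic at the implicit deny.
!
! Verification (exec mode):
!   show access-list OUTSIDE-IN
!   packet-tracer input outside tcp 198.51.100.10 12345 1.2.3.4 80
```

The packet-tracer output shows which ACL entry matched and whether the flow was allowed, which confirms that only the intended port on the intended host is reachable from outside.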