Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

dmz

Server on dmz with private ip 10.10.10.10 mapped with ip 172.20.1.10

static(dmz,inside) 172.20.1.10 10.10.10.10 mask 255.255.255.255

Is it inside users are going to access machine on  dmz through outside interface ?

6 REPLIES
Super Bronze

Re: dmz

Hi,

Your INSIDE host can/will access the DMZ host with the IP address 172.20.1.10 from the INSIDE interface (provided you got the route for it OR default route points towards ASA which probably is the case)

Outside interface has nothing to do with the above configuration

- Jouni

EDIT: Had written DMZ instead of INSIDE at the start of the sentence.

New Member

dmz

What interface is 172.20.1.10 on?

If 172.20.1.10 is on the INSIDE interface, then any client requesting 172.20.1.10 coming into the firewall from the INSIDE interface would be able to hit the private IP (As long as ACL's allow it).

If 10.10.10.10 send data to the INSIDE, it will get converted to 172.20.1.10, but will not if it goes out another interface.

I hope this helps.

Scape

New Member

Re: dmz

journiforss,  both the inside and dmz are interfaces on the ASA,  no routing is necessary right (as long as using version 8.43 or later)?

Re: dmz

Hello Prashant,

As your nat says (DMZ,INSIDE) those 2 interfaces are the only ones involved on the communication from an inside host to the DMZ server.

That being said let me know if you need something else.

Do rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

dmz

Hi

Is it inside users can access the dmz server with mapped address?

Super Bronze

Re: dmz

Hi,

With the NAT command you mentioned in the original post

static(dmz,inside) 172.20.1.10 10.10.10.10 mask 255.255.255.255

You can access the DMZ server 10.10.10.10 from your INSIDE network with the mapped address of 172.20.1.10

- Jouni

303
Views
8
Helpful
6
Replies
CreatePlease to create content