Cisco Support Community
New Member

Not able to pass traffic between DMZ and inside interface.

I'm trying to allow all inside access to the DMZ and the internet.

DMZ has web server and Email.

Followed a document from Cisco...

I've attached a config.

Can browse internet from both DMZ and Inside networks.

I will rate high for any assistance.

5 REPLIES
New Member

Re: Not able to pass traffic between DMZ and inside interface.

I think you might need an ACL attached to your DMZ interface stating that you'll allow traffic from the DMZ inside.

Cisco Employee

Re: Not able to pass traffic between DMZ and inside interface.

Please add:

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

regards,

Sushil

New Member

Re: Not able to pass traffic between DMZ and inside interface.

I'm still missing something. I added both the static and have tried access rules without success. Any other suggestions?

New Member

Re: Not able to pass traffic between DMZ and inside interface.

I think you need to specify not to NAT between inside and DMZ.

Please try:

nat (inside) 5 access-list nonat

access-list nonat extended permit ip 192.168.0.0 255.255.255.0 192.168.154.0 255.255.255.0

New Member

Re: Not able to pass traffic between DMZ and inside interface.

I don't think there needs to be any NATing taking place on the inside of your firewall.

Are you getting any hits on the ACL you put allowing traffic from your DMZ to the inside?

access-list dmz_in permit ip 192.168.154.0 255.255.255.0 192.168.1.0 255.255.255.0

access-group dmz_in in interface dmz

Is it something like this you have, and do you see hits against it?
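
An added example, not part of any reply in the thread: a small Python check of which flows the dmz_in entry quoted above would match, which is what the hit counter on that entry reflects. The host addresses are constructed, the parser handles only `permit|deny ip` entries with network/mask pairs, and the two destination subnets tried are the ones that appear in the thread (192.168.0.0/24 in the static, 192.168.1.0/24 in the ACL).

```python
import ipaddress
import re

# Matches only "permit|deny ip <net> <mask> <net> <mask>" entries, the form used in the thread.
ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?:extended\s+)?(?P<action>permit|deny)\s+ip\s+"
    r"(?P<src>\S+)\s+(?P<smask>\S+)\s+(?P<dst>\S+)\s+(?P<dmask>\S+)$"
)

def parse_ace(line):
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACE: {line!r}")
    src = ipaddress.ip_network(f"{m['src']}/{m['smask']}")
    dst = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}")
    return m["name"], m["action"], src, dst

def hit_counts(acl_lines, acl_name, flows):
    """First-match evaluation; returns ({ace_line: hits}, implicit_deny_hits)."""
    aces = [(line, parse_ace(line)) for line in acl_lines]
    aces = [(line, p) for line, p in aces if p[0] == acl_name]
    hits = {line: 0 for line, _ in aces}
    implicit_deny = 0
    for src_ip, dst_ip in flows:
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for line, (_, _, s_net, d_net) in aces:
            if src in s_net and dst in d_net:
                hits[line] += 1
                break
        else:
            implicit_deny += 1  # no entry matched: the implicit deny at the end applies
    return hits, implicit_deny

# The ACL entry as quoted in the last reply.
DMZ_IN = ["access-list dmz_in permit ip 192.168.154.0 255.255.255.0 192.168.1.0 255.255.255.0"]

# Constructed flows from a DMZ host toward each inside subnet mentioned in the thread.
FLOWS = [
    ("192.168.154.10", "192.168.0.10"),
    ("192.168.154.10", "192.168.0.25"),
    ("192.168.154.10", "192.168.1.10"),
]

if __name__ == "__main__":
    hits, dropped = hit_counts(DMZ_IN, "dmz_in", FLOWS)
    for line, n in hits.items():
        print(f"{line} (hits={n})")
    print(f"implicit deny hits={dropped}")
```

A zero hit count on the permit entry together with denied flows means the traffic is reaching the interface but not matching the entry's source or destination network.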
