Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

problem nat outside to inside and DMZ to inside?

Dear Expert,

now i have some issue that i use portforwarding from outside to inside and DMZ to inside.

now i have lap first from ASA e0/0 to PC1 (outside) and PC2 eth0/1 (inside) and PC3 eth0//2 (DMZ)

from inside can ping to outside but outside cannot access into inside.

this command that i used :

access-list outside_acl_in extended permit tcp any host 10.51.51.1 eq 80

static (inside,outside) tcp inter 10.10.10.1 netmask 255.255.255.255

is it correct on this command?

------------------------------------------------------------------------------------------------------------------------------------------------

any way i want to allow from DMZ to inside also but is still not work

access-list dmz_acl_in extended permit tcp any host 20.20.20.1 eq 3389

static (inside,dmz) tcp inter 10.10.10.1 netmask 255.255.255.255

this command above is not working but is use this command as bellow is working, i don't know why?

access-list dmz_acl_in extended permit tcp any host 10.10.10.1 eq 3389

static (inside,DMZ) 10.10.10.1 10.10.10.1 netmask 255.255.255.255

Could you help me on this issue?

which command that allow from outside to inside?

which command that allow from DMZ to inside?

which command that allow from ouside to DMZ?

Note: i use IOS ver:  ASA Version 8.0(4)

Best Regards,

Join

1 REPLY

problem nat outside to inside and DMZ to inside?

Hello Join,

I do not fully understand your english but here we go!

access-list outside_acl_in extended permit tcp any host 10.51.51.1 eq 80

static (inside,outside) tcp inter 10.10.10.1 netmask 255.255.255.255

No, it is not correct. If you want to allow incoming traffic on port 20 to the outside interface to  be redirected to 10.10.10.1

it should be:

static (inside,outside) tcp inter 80 10.10.10.1 80  netmask 255.255.255.255

access-list outside_acl_in extended permit tcp any host outside_interface_ip eq 80

Same thing with the other requests,

Do rate all the helpful posts!!!

Julio

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
185
Views
0
Helpful
1
Replies