Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Server in DMZ

Hi I am a beginner of ASA (8.0). I setup a ASA for device upgrade. I want to set up servers in DMZ. Unfortunately, I found that I can't access Server (in DMZ) from inside interface, for example, web access or ping test

I am checking it for long time and add the following commands but the problem is still exist.

#access-list DMZ_access_in extended permit ip 192.168.89.0 255.255.255.0 192.168.88.0 255.255.255.0

#access-group DMZ_access_in in interface DMZ

static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0

Anyone give me a help??

I attach my config

5 REPLIES
New Member

Re: Server in DMZ

Green

Re: Server in DMZ

This should do the trick

access-list DMZ_access_in extended permit icmp 192.168.89.0 255.255.255.0 192.168.88.0 255.255.255.0

access-group DMZ_access_in in interface DMZ

static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0

You don't need to permit ip in the acl for traffic originating from the inside.

New Member

Re: Server in DMZ

I do not see the static in the config that you sent, but the one in your post has the wrong ip's.

Should be static (inside,DMZ) 192.168.88.0 192.168.89.0 netmask 255.255.255.0

Green

Re: Server in DMZ

static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0

will work fine.

New Member

Re: Server in DMZ

Thank you all of you. I fix the issue according the recommentation

129
Views
0
Helpful
5
Replies
CreatePlease to create content