Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Hiding Inside Addresses on DMZ

I'm a relative newbie but trying to learn the hard way how to configure my ASA 5510.

Iin addition to the inside and outside networks, we have a DMZ subnet which consists of one machine directly connected to the ASA.

For the purposes of this question, here are the subnets:




The DMZ host is

What I'm trying to set up is the least amount of connectivity necessary for a reverse proxy to operate on the DMZ host. We have one exchange server that the DMZ host needs to access on I'd like to obfuscate/hide the inside network addresses via a static NAT statement on the ASA.

Ideally, the DMZ host ( would connect to the DMZ address and this would be translated by the ASA and routed to

I have set up a static NAT rule with the following command:

static (inside,DMZ) netmask

This does not seem to have done the job as connections are not being accepted from the DMZ to the inside host, even though I can connect to the inside host from the inside network. What am I doing wrong? Let me know if I can give you any debugging info.

CreatePlease to create content