Cisco Support Community
New Member

Hiding Inside Addresses on DMZ

I'm a relative newbie but trying to learn the hard way how to configure my ASA 5510.

In addition to the inside and outside networks, we have a DMZ subnet which consists of one machine directly connected to the ASA.

For the purposes of this question, here are the subnets:

outside: 192.168.10.0/24

inside: 192.168.50.0/24

DMZ: 192.168.100.0/24

The DMZ host is 192.168.100.20.

What I'm trying to set up is the least amount of connectivity necessary for a reverse proxy to operate on the DMZ host. We have one exchange server that the DMZ host needs to access on 192.168.50.50:443. I'd like to obfuscate/hide the inside network addresses via a static NAT statement on the ASA.

Ideally, the DMZ host (192.168.100.20) would connect to the DMZ address 192.168.100.252:443 and this would be translated by the ASA and routed to 192.168.50.50:443.

I have set up a static NAT rule with the following command:

static (inside,DMZ) 192.168.100.252 192.168.50.50 netmask 255.255.255.255

This does not seem to have done the job as connections are not being accepted from the DMZ to the inside host, even though I can connect to the inside host from the inside network. What am I doing wrong? Let me know if I can give you any debugging info.
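
An added example, not part of the original post: on pre-8.3 ASA software (the version family that uses the `static` syntax above), a static translation does not by itself permit traffic from a lower-security interface to a higher-security one, so a least-privilege setup pairs it with an inbound ACL on the DMZ interface. It assumes the DMZ interface is named `DMZ` and has a lower security level than `inside`; the ACL name `DMZ_in` is hypothetical.

```cisco
! Added example. Assumes pre-8.3 ASA software, where interface ACLs
! match the mapped (translated) address, not the real inside address.

! Static NAT from the post: the DMZ sees 192.168.50.50 as 192.168.100.252.
static (inside,DMZ) 192.168.100.252 192.168.50.50 netmask 255.255.255.255

! Permit only the reverse proxy to the mapped address on tcp/443.
! DMZ_in is a hypothetical ACL name.
access-list DMZ_in extended permit tcp host 192.168.100.20 host 192.168.100.252 eq 443

! Bind the ACL inbound on the DMZ interface. The implicit deny at the end
! of the ACL drops every other connection initiated from the DMZ,
! including any aimed at real 192.168.50.0/24 addresses.
access-group DMZ_in in interface DMZ

! Checks: confirm the translation exists, watch the ACL hit counter, and
! simulate the flow to see which phase (ACL, NAT, route) drops it.
show xlate
show access-list DMZ_in
packet-tracer input DMZ tcp 192.168.100.20 1025 192.168.100.252 443 detailed
```

Because the ACL ends in an implicit deny, any other traffic the DMZ host must originate (DNS, updates, logging) needs its own explicit permit line.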
