Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Route to DMZ on ASA help from diagram?

I am trying to figure out how to get a workstation on the 192.168.5.0 network to a Web server on the DMZ.
The gateway for the client is 192.168.5.2 The default route is 0.0.0.0 0.0.0.0 192.168.3.1
I've tried adding another route 192.168.2.0 255.255.255.0 192.168.3.1, but it's not working.
The client gets out to the Internet, can ping 192.168.3.1, but not reach the DMZ There is a static route defined on the ASA back to the clients subnet - 192.168.5.0 255.255.255.0 192.168.3.2

Previously routing was done on the ASA, but now this is no longer an option


Sent from Cisco Technical Support Android App

1 REPLY
Purple

Route to DMZ on ASA help from diagram?

Hi,

You must  NAT from inside to DMZ or do static identity NAT for inside to DMZ.

Which version of OS is running on the ASA ?

if version <8.3 then you can do static identity NAT like this:

nat(inside,DMZ) 192.168.3.0 192.168.3.0 netmask 255.255.255.0

if version > 8.3

object network INSIDE

subnet 192.168.5.0

object network DMZ

subnet 192.168.2.0

nat(inside,DMZ) source static INSIDE INSIDE  destination static DMZ DMZ

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
108
Views
0
Helpful
1
Replies
CreatePlease to create content