I am trying to allow access from one computer in the dmz to our internal network. This is a temporary setup used for testing. Can anyone point me towards documents on how to do this? I am not mapping to a "legal" address on the Inside. I just want the one computer in the dmz to have UDP access to the computers on the Inside.
Thanks for the quick reply Marcus! I will go ahead and try this but I was wondering why you map the inside machine to itself in the Static statement above. Shouldn't it go to the IP in the dmz? I understand the conduit statement because it maps from one ip to another but I was confused with the static.
I mapped the inside IP to itself because there is not usually a need to NAT from the inside to DMZ interfaces. The DMZ interface is usually still part of your private network and therefore any routing should be set up already and then you don't burn an address on the DMZ segment for the inside host. You certainly could map the inside host to a global address in the DMZ network if you wanted. Just remember that if you do you will need to change the access-list or conduit to reflect the global address of the inside host.
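The two mappings described in the reply above, side by side, as an added example that is not part of the original thread. It assumes PIX-style `static` and `access-list` syntax with interfaces named `inside` and `dmz`; the host addresses, the UDP port and the ACL name `dmz_in` are constructed placeholders.

```text
! Added example with constructed values: 192.168.20.10 is one inside host,
! 192.168.30.5 is the DMZ test machine, UDP 514 is a placeholder port,
! dmz_in is a hypothetical ACL name. Use option A or option B, not both.

! Option A: identity static, the inside host keeps its own address on the DMZ side
static (inside,dmz) 192.168.20.10 192.168.20.10 netmask 255.255.255.255
access-list dmz_in permit udp host 192.168.30.5 host 192.168.20.10 eq 514

! Option B: inside host mapped to a DMZ global address (uses up 192.168.30.50)
! The ACL must now name the global address, not the real inside address
static (inside,dmz) 192.168.30.50 192.168.20.10 netmask 255.255.255.255
access-list dmz_in permit udp host 192.168.30.5 host 192.168.30.50 eq 514

! Either option: bind the ACL to traffic arriving on the DMZ interface
access-group dmz_in in interface dmz
```

Scoping the permit to one source host, one destination and one UDP port keeps the temporary test opening narrow and easy to remove afterwards.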
192.168.20. is my inside network. So rather than setting up access for a particular machine, a static route has already been set up for the entire inside network. So in this case I only need to add either a conduit or access list statement. Is that correct?