Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Basic 5510 - Need Help.

Hi,

I have ASA 5510 and would like to seek help in configuring basics..

Allowing traffic from inside to outside

Allowing traffic from outside to inside

allowing traffic from DMZ to outside

Allowing traffic from DMZ to inside

Allowing traffic from inside to DMZ

---------Config ---------------

ASA Version 7.0(7)

!

hostname ASA-Q8

domain-name Q8.COM

enable password xxx

names

dns-guard

!

interface GigabitEthernet0/0

nameif Outside

security-level 0

ip address 188.170.90.1 255.255.255.248

!

interface GigabitEthernet0/1

nameif INSIDE

security-level 100

ip address 192.168.1.1 255.255.255.252

!

interface GigabitEthernet0/2

nameif DMZ

security-level 50

ip address 10.10.10.1 255.255.255.0

2 REPLIES

Re: Basic 5510 - Need Help.

Hello Amin

For a more stable suggestion, I should see your entire config (or at least nat and static statements).

But something like the following should work for you

global (outside) 1 interface

nat (DMZ) 1 0 0

access-list dmz_access_in permit ip alloweddmzips alloweddmznetmask insidehostornetwork insidehostornetworknetmask

access-group dmz_access_in in interface DMZ

if you want to nat DMZ traffic to inside interface when traffic wants to reach inside, use the following

global (inside) 1 interface

If you dont want to have NAT between DMZ and inside, use the following

static (inside,dmz) 10.10.10.0 10.10.10.0 netmask 255.255.255.0

Regards

92
Views
0
Helpful
2
Replies