Cisco Support Community
New Member

Cannot Access DMZ from Internal

I am a beginner with ASA. I found that I can't access the DMZ from the Internal segment. Can anyone give me a hint?

I attach my config

8 REPLIES
New Member

Re: Cannot Access DMZ from Internal

attachment

Re: Cannot Access DMZ from Internal

Since your interfaces inside and dmz are on the same security level, you don't need to do any NAT.

Try this.

access-list DMZ_access_in extended permit ip 192.168.89.0 255.255.255.0 192.168.88.0 255.255.255.0

access-group DMZ_access_in in interface DMZ

static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0

New Member

Re: Cannot Access DMZ from Internal

Thanks for your help.

I changed the security level of the DMZ and added your suggested commands, but I still fail to access the DMZ from internal.

Please help. :(

New Member

Re: Cannot Access DMZ from Internal

Config file

Re: Cannot Access DMZ from Internal

Hi Don

Try this

no static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0

static (DMZ,inside) 192.168.89.0 192.168.89.0 netmask 255.255.255.0

Regards

Re: Cannot Access DMZ from Internal

Don,

Since you want to reach the DMZ from inside, please ignore my above comment. Plus, you don't need an ACL for this. Make the following changes in your config, then post the most recent config.

You don't have a global statement; are you sure that your inside can connect to the internet?

no nat (inside) 0 0.0.0.0 0.0.0.0

nat (inside) 1 0.0.0.0 0.0.0.0

global (outside) 1 interface

no access-group DMZ_access_in in interface DMZ

no access-list DMZ_access_in extended permit ip 192.168.89.0 255.255.255.0 192.168.88.0 255.255.255.0

Above are necessary. And one of the following is necessary. It is either

global (dmz) 1 interface

or

static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0

After you are done, run the following

clear xlate

This will temporarily disconnect all connections.

Regards
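The rule in the reply above (inside hosts need either a `global` on the DMZ with the same NAT ID as their `nat` statement, or a `static (inside,DMZ)`) can be checked against a saved config. The following Python is an added example, not part of the thread: the sample config lines are constructed, `translation_rules` is a hypothetical helper, and it assumes the pre-8.3 NAT syntax used in the thread.

```python
import re

# Constructed samples in the pre-8.3 syntax used in this thread
# (not the poster's attached config).
SAMPLE_BEFORE = """\
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
"""
SAMPLE_GLOBAL = SAMPLE_BEFORE + "global (DMZ) 1 interface\n"
SAMPLE_STATIC = SAMPLE_BEFORE + (
    "static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0\n")

NAT_RE = re.compile(r"^nat \((\S+?)\) (\d+) ", re.I)
GLOBAL_RE = re.compile(r"^global \((\S+?)\) (\d+) ", re.I)
STATIC_RE = re.compile(r"^static \((\S+?),(\S+?)\) ", re.I)


def translation_rules(config, src, dst):
    """Return the config lines that give hosts on src a translation toward dst."""
    src, dst = src.lower(), dst.lower()
    nat_ids, global_ids, found = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("no "):  # negated commands are not active config
            continue
        if (m := NAT_RE.match(line)) and m.group(1).lower() == src:
            nat_ids[int(m.group(2))] = line
        elif (m := GLOBAL_RE.match(line)) and m.group(1).lower() == dst:
            global_ids[int(m.group(2))] = line
        elif m := STATIC_RE.match(line):
            if (m.group(1).lower(), m.group(2).lower()) == (src, dst):
                found.append(line)
    for nat_id, nat_line in nat_ids.items():
        if nat_id == 0:  # nat 0 is identity NAT and needs no global
            found.append(nat_line)
        elif nat_id in global_ids:  # nat and global must share the same ID
            found.append(nat_line + " + " + global_ids[nat_id])
    return found


if __name__ == "__main__":
    for name, cfg in [("before", SAMPLE_BEFORE), ("global", SAMPLE_GLOBAL),
                      ("static", SAMPLE_STATIC)]:
        rules = translation_rules(cfg, "inside", "DMZ")
        print(name, "->", rules or "no inside->DMZ translation")
```

An empty result for a source and destination pair means none of the translation rules named in the reply is present for that path.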

New Member

Re: Cannot Access DMZ from Internal

Thank you, all of you. I fixed the issue according to the recommendation.

Re: Cannot Access DMZ from Internal

Hi Don

Please rate the posts with highest grade (if it fixed your issue) and click on resolved my issue, which fixed the issue. Rating does not cost any fee.

http://forums.cisco.com/eforum/servlet/NetProf?page=help_rating

Regards
