Part of my config is shown below. What I'm trying to do is establish a connection from my DMZ to the inside network. The plan is to put a DNS server on the DMZ so the internal one will use that for the outside DNS.
Currently I have an FTP server on the DMZ zone; clients are able to access it from outside, and access is also OK from the inside as well.
However, I was trying to open a telnet session in order to test to make sure that the machine that the DNS will be installed on can talk to the internal server.
192.168.200.6 ---> server on the dmz zone
192.168.100.50 ----> dns server on the inside
The command I used was similar to the one for the FTP server, but it didn't work. Can you help? Thanks.
E.g.:
access-list 101 permit tcp host 192.168.200.6 eq telnet any
access-list 101 permit tcp any any eq domain
access-list 101 permit tcp host 188.8.131.52 eq ftp any
access-list 101 permit tcp host 184.108.40.206 eq ftp-data any
access-list 101 permit tcp host 192.168.200.6 eq domain any
pager lines 24
global (outside) 1 220.127.116.11-18.104.22.168 netmask 255.255.255.0
global (dmz) 1 192.168.200.10-192.168.200.100 netmask 255.255.255.0
Here are documents that will help you with your problem. The 1st document is from Cisco and the other two are from my mentor and an expert that even Cisco looks up to, and I've used his papers on many problems -
About your connection from the DMZ to the inside, that is, from a low-security to a high-security interface, you need the three commands: static/access-list/access-group.
In your case, you already have the static part:
static (inside,dmz) 192.168.200.6 192.168.100.50 netmask 255.255.255.255 0 0
but it's not OK. The low-security (DMZ) IP address represents an address as seen by the DMZ's DNS server; it's not its own address. So you should replace 192.168.200.6 with 192.168.200.7 or any other IP address within the same subnet as the DMZ's DNS server. Then, your static becomes:
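Added example, not part of the thread or of any Cisco document: a small Python check for the static/access-list/access-group triple described in the reply above, run over the lines posted in the thread and over a constructed complete config. The ACL name dmz_in, the function names, and the assumption that every static is written (higher,lower) are made up for illustration; only `host` and `any` destinations are matched.

```python
import re

STATIC = re.compile(r"static \((\w+),(\w+)\) (\S+) (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\w+)")
ACL = re.compile(r"access-list (\S+) permit \w+ (.+)")

def take_addr(tok):
    """Pop one address ('any', 'host IP' or 'IP MASK') plus an optional port match."""
    if tok[0] == "any":
        addr, tok = "any", tok[1:]
    elif tok[0] == "host":
        addr, tok = tok[1], tok[2:]
    else:
        addr, tok = f"{tok[0]}/{tok[1]}", tok[2:]
    if tok and tok[0] in ("eq", "neq", "gt", "lt"):   # 'range' is not handled here
        tok = tok[2:]
    return addr, tok

def audit(config):
    """Return one finding per static whose lower-security side lacks an ACL or binding."""
    statics, bound, permitted = [], {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            statics.append(m.groups())
        elif m := GROUP.match(line):
            bound[m[2]] = m[1]                        # interface -> ACL id
        elif m := ACL.match(line):
            _, rest = take_addr(m[2].split())         # first address is the source
            dst, _ = take_addr(rest)                  # second address is the destination
            permitted.setdefault(m[1], set()).add(dst)
    findings = []
    for _high_if, low_if, mapped, _real in statics:   # assumed order: (higher,lower)
        acl = bound.get(low_if)
        if acl is None:
            findings.append(f"{mapped}: no access-group on {low_if}")
        elif not {mapped, "any"} & permitted.get(acl, set()):
            findings.append(f"{mapped}: access-list {acl} never permits it")
    return findings

# Lines as posted in the thread (a fragment; no access-group line was shown).
POSTED = """
access-list 101 permit tcp host 192.168.200.6 eq telnet any
static (inside,dmz) 192.168.200.6 192.168.100.50 netmask 255.255.255.255 0 0
"""
# Constructed: mapped address moved to .7 as the reply suggests; ACL name is made up.
COMPLETE = """
static (inside,dmz) 192.168.200.7 192.168.100.50 netmask 255.255.255.255 0 0
access-list dmz_in permit tcp host 192.168.200.6 host 192.168.200.7 eq telnet
access-group dmz_in in interface dmz
"""
```

Calling `audit(POSTED)` reports the missing access-group binding for the posted fragment, and `audit(COMPLETE)` returns an empty list.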