12-12-2007 10:37 AM - edited 03-09-2019 07:37 PM
Hello.
I have set up ASA 5510 for our network. It works fine for our network.
Now I need a way to set up the DMZ with public addresses.
The outside is a x.x.214.4 / 30 network, outside ASA ip is x.x.214.6.
For internal mail server, rd, ftp etc we have got a new network. This is y.y.251.192 / 29.
My problem is to get this working. I have some experience (MCSE), but my logic is not working with the ASA. Since it is ages since I have been programming Cisco through command line commands, I have only been using the ASDM.
Hope someone could help me. The traffic (web, mail, ftp etc) from inside (LAN) to outside is working fine. I also have a problem getting traffic from DMZ to inside.
Outside security level is 0, dmz is 50, inside is 100. H E L P!
12-12-2007 10:59 AM
To get traffic from dmz to inside...let's say your inside network is 192.168.1.0/24.
static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
Then add the following acl to allow whatever traffic you desire from dmz to inside. This example is for www. Just add whatever access you desire before the "deny ip any 192.168.1.0" line.
access-list dmz-to-inside permit tcp any host x.x.x.x eq www
access-list dmz-to-inside deny ip any 192.168.1.0 255.255.255.0
access-list dmz-to-inside permit ip any any
access-group dmz-to-inside in interface dmz
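As an added example (not part of the original posts): a Python evaluator that applies first-match semantics to the dmz-to-inside ACL above, showing why permits must sit before the "deny ip any 192.168.1.0" line. The host 192.168.1.10 stands in for x.x.x.x and the sample packets are constructed; the parser handles only the ACE forms used in this thread.

```python
import ipaddress

# ACL from the post above; x.x.x.x replaced with a constructed inside host.
ACL_TEXT = """\
access-list dmz-to-inside permit tcp any host 192.168.1.10 eq www
access-list dmz-to-inside deny ip any 192.168.1.0 255.255.255.0
access-list dmz-to-inside permit ip any any
"""

PORTS = {"www": 80, "https": 443, "smtp": 25, "pop3": 110}  # subset of ASA port names


def parse_ace(line):
    """Parse one ACE of the limited form used in the post (source is always 'any')."""
    tok = line.split()
    action, proto = tok[2], tok[3]
    rest = tok[5:]  # tok[4] is the source, 'any'
    if rest[0] == "any":
        dst, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
    elif rest[0] == "host":
        dst, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
    else:  # network followed by dotted netmask
        dst, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
    port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
    return action, proto, dst, port


def evaluate(aces, proto, dst_ip, dst_port):
    """Return (action, line_number) of the first matching ACE; implicit deny at the end."""
    dst = ipaddress.ip_address(dst_ip)
    for n, (action, ace_proto, net, port) in enumerate(aces, 1):
        if ace_proto not in ("ip", proto):
            continue
        if dst not in net:
            continue
        if port is not None and port != dst_port:
            continue
        return action, n
    return "deny", None


ACES = [parse_ace(line) for line in ACL_TEXT.splitlines()]

if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination IP, destination port)
    for pkt in [("tcp", "192.168.1.10", 80), ("tcp", "192.168.1.10", 3389),
                ("tcp", "192.168.1.20", 80), ("udp", "203.0.113.5", 53)]:
        print(pkt, "->", evaluate(ACES, *pkt))
```

Swapping the first two entries makes the www permit unreachable, because the deny for 192.168.1.0/24 matches first.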
12-13-2007 02:06 AM
Thanks, I now have access to my mail from inside!
The next step is to allow https, pop3 and smtp to and from outside.
Is it access-list dmz-to-outside permit tcp any x.x.x.x https
access-list dmz-to-outside permit tcp any x.x.x.x pop3
access-list dmz-to-outside permit tcp any x.x.x.x smtp
access-list dmz-to-outside deny ip any 0.0.0.0 0.0.0.0
?
12-13-2007 06:11 AM
access-list outside_access_in permit tcp any host x.x.x.x eq https
access-list outside_access_in permit tcp any host x.x.x.x eq pop3
access-list outside_access_in permit tcp any host x.x.x.x eq smtp
access-list outside_access_in deny ip any any
access-group outside_access_in in interface outside