Cisco Support Community
New Member

Trouble getting DMZ hosts to talk with Inside

I'm having trouble getting the DMZ hosts to talk with an inside host. The DNS servers are hosted at the ISP and I have static commands in place to doctor the DNS replies.

On the host in the DMZ, I can ping the inside host by its DNS name. I can also ping it by its private IP and telnet to the private IP address. But when I try to telnet to the DNS name, it doesn't connect.

It seems to me that I have something set up incorrectly or am missing something on the static command for the DMZ to inside. I've tried several different combinations, but nothing worked.

Can anyone see what I'm missing or have done incorrectly? Thanks.

access-list incoming permit tcp any host xx.xxx.xxx.122 eq www
access-list incoming permit tcp any host xx.xxx.xxx.122 eq 444
access-list incoming permit tcp any host xx.xxx.xxx.122 eq pop3
access-list incoming permit tcp any host xx.xxx.xxx.122 eq smtp
access-list incoming permit tcp any host xx.xxx.xxx.123 eq www
access-list incoming permit tcp any host xx.xxx.xxx.122 eq ftp
access-list incoming permit icmp any xx.xxx.xxx.xxx 255.255.255.xxx
access-list incoming permit tcp any host xx.xxx.xxx.122 eq 81
access-list incoming permit tcp any host xx.xxx.xxx.124 eq smtp
access-list incoming permit tcp any host xx.xxx.xxx.124 eq www
access-list no_nat_dmz permit ip 10.61.3.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list no_nat_inside permit ip 192.168.114.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list no_nat_inside permit ip 192.168.114.0 255.255.255.0 10.61.3.0 255.255.255.0
access-list acl_dmz permit icmp any any
access-list acl_dmz permit tcp 10.61.3.0 255.255.255.0 any eq domain
access-list acl_dmz permit udp 10.61.3.0 255.255.255.0 any eq domain
access-list acl_dmz permit tcp any any
ip address outside xx.xxx.xxx.125 255.255.255.xxx
ip address inside 192.168.114.1 255.255.255.0
ip address DMZ 10.61.3.1 255.255.255.0
global (outside) 1 xx.xxx.xxx.121
nat (inside) 0 access-list no_nat_inside
nat (inside) 1 192.168.114.0 255.255.255.0 0 0
nat (DMZ) 0 access-list no_nat_dmz
static (inside,outside) xx.xxx.xxx.124 192.168.114.6 dns netmask 255.255.255.255 0 0
static (DMZ,outside) xx.xxx.xxx.122 10.61.3.5 dns netmask 255.255.255.255 0 0
static (DMZ,outside) xx.xxx.xxx.123 10.61.3.6 dns netmask 255.255.255.255 0 0
static (DMZ,inside) xx.xxx.xxx.122 10.61.3.5 netmask 255.255.255.255 0 0
static (DMZ,inside) xx.xxx.xxx.123 10.61.3.6 netmask 255.255.255.255 0 0
static (inside,DMZ) xx.xxx.xxx.124 192.168.114.6 netmask 255.255.255.255 0 0
access-group incoming in interface outside
access-group acl_dmz in interface DMZ

1 REPLY
New Member

Re: Trouble getting DMZ hosts to talk with Inside

I feel there is not much of a problem. Try replacing static routes with default routes. Sometimes this might work.
