New Member

ASA5505 DMZ Ports

I've got an ASA5505 with 3 interfaces: inside, outside, & dmz. The DMZ is configured as a network and needs to have access through the outside interface for internet access.

Additionally, I have a device at which needs to communicate with an external server at on ports 1008, 1009, 1018, and 2000 via TCP.

I've attached two different configurations (cleaned for posting) and a log file identifying attempts using both configurations to reach the external server, and communication is failing.

I'm new to the ASA5505, can someone please take a look and give me some hints how to get this working? To me it looks like the configuration should allow the traffic between the DMZ and the external server, but it's not.



New Member

Re: ASA5505 DMZ Ports

If NAT is configured the following rules apply:

1) If the traffic is sourcing from a high security interface to low security interface and no access lists are applied to any interface then you can use the nat and global commands.

2) If traffic is sourcing from the low security interface to a high security interface then you will need to use the static nat commands and apply access-lists to the outside low security interface allowing traffic in.

The default security levels are used for the following interfaces:

1) Inside interface = security level 100

2) Outside interface = security level 0

3) dmz interface = security level 50

0 = lowest security level

100 = highest security level

Refer to the following link:
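
Added example, not part of the thread or of any Cisco tooling: a small Python check that applies the two rules from the reply above to an ASA configuration and reports what is missing for a given flow. The sample config, its pre-8.3 `nat`/`global` syntax, the ACL name and all addresses are constructed assumptions.

```python
import re

# Constructed pre-8.3 ASA sample; addresses are placeholders, not from the thread.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Vlan3
 nameif dmz
 security-level 50
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
access-list dmz_in extended permit tcp host 172.16.1.10 host 203.0.113.20 eq 2000
access-group dmz_in in interface dmz
"""

def parse(config):
    # Collect security levels, nat/global ids, statics and inbound ACL bindings.
    st = {"level": {}, "nat": {}, "global": {}, "static": set(), "acl_in": {}}
    name = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"nameif (\S+)", line):
            name = m.group(1)
        elif m := re.match(r"security-level (\d+)", line):
            st["level"][name] = int(m.group(1))
        elif m := re.match(r"(nat|global) \((\S+)\) (\d+) ", line):
            st[m.group(1)].setdefault(m.group(2), set()).add(int(m.group(3)))
        elif m := re.match(r"static \((\S+),(\S+)\) ", line):
            st["static"].add((m.group(1), m.group(2)))
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            st["acl_in"][m.group(2)] = m.group(1)
    return st

def check_flow(st, src, dst):
    # Findings for traffic initiated from src toward dst, per the two rules above.
    findings = []
    if st["level"][src] > st["level"][dst]:  # rule 1: high -> low
        if not st["nat"].get(src, set()) & st["global"].get(dst, set()):
            findings.append(f"no nat ({src}) id matching a global ({dst}) id")
        if src in st["acl_in"]:
            findings.append(f"ACL {st['acl_in'][src]} on {src} must permit the flow")
    else:  # rule 2: low -> high
        if (dst, src) not in st["static"]:
            findings.append(f"no static ({dst},{src}) translation")
        if src not in st["acl_in"]:
            findings.append(f"no inbound access-list applied to {src}")
    return findings
```

With the constructed sample, `check_flow(parse(SAMPLE_CONFIG), "dmz", "outside")` reports the missing `nat (dmz)` statement and the ACL bound to the dmz interface, which, once applied, must explicitly permit every outbound port the DMZ host needs.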
