Cisco Support Community

DMZ Port Forwarding & DNS

I have an ASA5505 with 3 interfaces configured: inside, outside, and DMZ. I want the DMZ to be able to access the internet through the outside interface, but not have any access to the inside interface. I've got a device on the DMZ network that needs to have ports 1008, 1009, 1018, and 2000 open for outside access, and the same device also needs internet access.

My config is at: http://stevenhuey.net/cisco/config.txt

I think I have the NAT and ACLs correct for opening the ports; however, DNS queries from the DMZ are blocked and aren't working.

Any suggestions?

1 REPLY

Re: DMZ Port Forwarding & DNS

Try disabling inspect dns.

policy-map global_policy
 class inspection_default
  no inspect dns
