Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Hiding inside addresses from DMZ

I'm a relative newbie but trying to learn the hard way how to configure my ASA 5510.

Iin  addition to the inside and outside networks, we have a DMZ subnet which  consists of one machine directly connected to the ASA.

For the purposes of this question, here are the subnets:




The DMZ host is

What  I'm trying to set up is the least amount of connectivity necessary for a  reverse proxy to operate on the DMZ host. We have one exchange server  that the DMZ host needs to access on I'd like to  obfuscate/hide the inside network addresses via a static NAT statement  on the ASA.

Ideally,  the DMZ host ( would connect to the DMZ address and this would be translated by the ASA and routed  to

I have set up a static NAT rule with the following command:

static (inside,DMZ) netmask

This  does not seem to have done the job as connections are not being  accepted from the DMZ to the inside host, even though I can connect to  the inside host from the inside network. What am I doing wrong? Let me  know if I can give you any debugging info.