
Hiding inside addresses from DMZ

I'm a relative newbie but trying to learn the hard way how to configure my ASA 5510.

In addition to the inside and outside networks, we have a DMZ subnet which consists of one machine directly connected to the ASA.

For the purposes of this question, here are the subnets:

outside: 192.168.10.0/24

inside: 192.168.50.0/24

DMZ: 192.168.100.0/24

The DMZ host is 192.168.100.20.

What I'm trying to set up is the least amount of connectivity necessary for a reverse proxy to operate on the DMZ host. We have one Exchange server that the DMZ host needs to access on 192.168.50.50:443. I'd like to obfuscate/hide the inside network addresses via a static NAT statement on the ASA.

Ideally, the DMZ host (192.168.100.20) would connect to the DMZ address 192.168.100.252:443 and this would be translated by the ASA and routed to 192.168.50.50:443.

I have set up a static NAT rule with the following command:

static (inside,DMZ) 192.168.100.252 192.168.50.50 netmask 255.255.255.255

This does not seem to have done the job as connections are not being accepted from the DMZ to the inside host, even though I can connect to the inside host from the inside network. What am I doing wrong? Let me know if I can give you any debugging info.
