topic Assuming you are running 8.3+ in Network Security https://community.cisco.com/t5/network-security/dmz-zone/m-p/2430730#M268387 <P>Assuming you are running 8.3+, you need:</P><UL><LI>An ACL on the outside interface allowing the needed traffic (example for allowing Web-traffic to your DMZ-host with IP 1.2.3.4):</LI></UL><P>access-list OUTSIDE-IN permit tcp any host 1.2.3.4 eq 80</P><UL><LI>If your NAT for internal clients is setup correctly and there is no ACL on the inside interface you are good to go. If you have an ACL on the inside, then you also need an entry to allow the traffic. That could look like the following if you want to allow all traffic from inside to the DMZ:</LI></UL><P>access-list INSIDE-IN permit ip any 1.2.3.0 255.255.255.0</P><P>&nbsp;</P> Wed, 12 Mar 2014 07:24:17 GMT Karsten Iwen 2014-03-12T07:24:17Z DMZ Zone https://community.cisco.com/t5/network-security/dmz-zone/m-p/2430729#M268383 <P>Hi,</P><P>&nbsp;</P><P>please&nbsp; advice&nbsp; the command&nbsp; to&nbsp; configure&nbsp; a DMZ Zone&nbsp; in the&nbsp; cisco&nbsp; Asa 5510 Firewall.</P><P>i have&nbsp; already&nbsp; inside and&nbsp; outside interfaces.&nbsp; All the users&nbsp; need to&nbsp; access the servers&nbsp; in the DMZ Zone&nbsp; and from&nbsp; internet as well.</P><P>All&nbsp; the servsers in the DMZ are&nbsp; configured&nbsp; with public&nbsp; IP Address.</P><P>&nbsp;</P><P>please advice.</P><P>Regards,</P><P>Saroj</P> Tue, 12 Mar 2019 03:55:54 GMT https://community.cisco.com/t5/network-security/dmz-zone/m-p/2430729#M268383 saroj pradhan 2019-03-12T03:55:54Z Assuming you are running 8.3+ https://community.cisco.com/t5/network-security/dmz-zone/m-p/2430730#M268387 <P>Assuming you are running 8.3+, you need:</P><UL><LI>An ACL on the outside interface allowing the needed traffic (example for allowing Web-traffic to your DMZ-host with IP 1.2.3.4):</LI></UL><P>access-list OUTSIDE-IN permit tcp any host 1.2.3.4 eq 80</P><UL><LI>If your NAT for internal clients is setup correctly and there is no ACL on the inside interface you are good to go. If you have an ACL on the inside, then you also need an entry to allow the traffic. That could look like the following if you want to allow all traffic from inside to the DMZ:</LI></UL><P>access-list INSIDE-IN permit ip any 1.2.3.0 255.255.255.0</P><P>&nbsp;</P> Wed, 12 Mar 2014 07:24:17 GMT https://community.cisco.com/t5/network-security/dmz-zone/m-p/2430730#M268387 Karsten Iwen 2014-03-12T07:24:17Z