topic Cisco DMZ in Network Security

Cisco DMZ

megamixmwangi — Tue, 12 Mar 2019 00:01:51 GMT

Case closed

Cisco DMZ

Harish Balakrishnan — Mon, 01 Oct 2012 08:18:15 GMT

Hello Joe,

please apply the following commands

static (inside,dmz) 10.2.0.0 10.2.0.0 netmask 255.255.0.0

and if you want ping from lan to DMZ, you can apply

access-list dmz_access_in extended permit icmp any any

access-group dmz_access_in in interface DMZ

please let me know if you need further help

regards

Harish.

Cisco DMZ

cadet alain — Mon, 01 Oct 2012 08:43:07 GMT

Hi,

DMZ has lower security level than inside so you must have an ACL inbound on DMZ permitting the traffic from dmz to lan and the returning icmp messagesin reply to lan to dmz icmp messages ( as you've got no icmp inspection).

Nat is only necessary if you've NAT control enabled and in this case you'll need a static(inside,DMZ) statement in addition to the aforementioned ACL.

Regards.

Alain

Don't forget to rate helpful posts.