https://community.cisco.com/t5/network-security/dmz/m-p/1882380#M457465 <HTML><HEAD></HEAD><BODY><P>journiforss,&nbsp; both the inside and dmz are interfaces on the ASA,&nbsp; no routing is necessary right (as long as using version 8.43 or later)?</P></BODY></HTML> Tue, 03 Apr 2012 17:26:51 GMT llamaw0rksE 2012-04-03T17:26:51Z https://community.cisco.com/t5/network-security/dmz/m-p/1882377#M457462 <P>Server on dmz with private ip 10.10.10.10 mapped with ip 172.20.1.10</P><P></P><P></P><P>static(dmz,inside) 172.20.1.10 10.10.10.10 mask 255.255.255.255</P><P></P><P></P><P>Is it inside users are going to access machine on&nbsp; dmz through outside interface ?</P> Mon, 11 Mar 2019 22:49:56 GMT https://community.cisco.com/t5/network-security/dmz/m-p/1882377#M457462 prashantrecon 2019-03-11T22:49:56Z https://community.cisco.com/t5/network-security/dmz/m-p/1882378#M457463 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Your INSIDE host can/will access the DMZ host with the IP address 172.20.1.10 from the INSIDE interface (provided you got the route for it OR default route points towards ASA which probably is the case)</P><P></P><P>Outside interface has nothing to do with the above configuration</P><P></P><P>- Jouni</P><P></P><P>EDIT: Had written DMZ instead of INSIDE at the start of the sentence.</P></BODY></HTML> Tue, 03 Apr 2012 08:13:07 GMT https://community.cisco.com/t5/network-security/dmz/m-p/1882378#M457463 Jouni Forss 2012-04-03T08:13:07Z https://community.cisco.com/t5/network-security/dmz/m-p/1882379#M457464 <HTML><HEAD></HEAD><BODY><P>What interface is 172.20.1.10 on? </P><P></P><P>If 172.20.1.10 is on the INSIDE interface, then any client requesting 172.20.1.10 coming into the firewall from the INSIDE interface would be able to hit the private IP (As long as ACL's allow it).</P><P></P><P>If 10.10.10.10 send data to the INSIDE, it will get converted to 172.20.1.10, but will not if it goes out another interface.</P><P></P><P>I hope this helps.</P><P></P><P>Scape</P></BODY></HTML> Tue, 03 Apr 2012 17:14:03 GMT https://community.cisco.com/t5/network-security/dmz/m-p/1882379#M457464 goatnetworking 2012-04-03T17:14:03Z https://community.cisco.com/t5/network-security/dmz/m-p/1882380#M457465 <HTML><HEAD></HEAD><BODY><P>journiforss,&nbsp; both the inside and dmz are interfaces on the ASA,&nbsp; no routing is necessary right (as long as using version 8.43 or later)?</P></BODY></HTML> Tue, 03 Apr 2012 17:26:51 GMT https://community.cisco.com/t5/network-security/dmz/m-p/1882380#M457465 llamaw0rksE 2012-04-03T17:26:51Z https://community.cisco.com/t5/network-security/dmz/m-p/1882381#M457466 <HTML><HEAD></HEAD><BODY><P>Hello Prashant,</P><P></P><P>As your nat says (DMZ,INSIDE) those 2 interfaces are the only ones involved on the communication from an inside host to the DMZ server.</P><P></P><P>That being said let me know if you need something else.</P><P></P><P>Do rate all the helpful posts</P><P></P><P>Julio</P></BODY></HTML> Tue, 03 Apr 2012 18:03:17 GMT https://community.cisco.com/t5/network-security/dmz/m-p/1882381#M457466 Julio Carvajal 2012-04-03T18:03:17Z https://community.cisco.com/t5/network-security/dmz/m-p/1882382#M457467 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>Is it inside users can access the dmz server with mapped address?</P></BODY></HTML> Wed, 04 Apr 2012 07:05:47 GMT https://community.cisco.com/t5/network-security/dmz/m-p/1882382#M457467 prashantrecon 2012-04-04T07:05:47Z https://community.cisco.com/t5/network-security/dmz/m-p/1882383#M457468 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>With the NAT command you mentioned in the original post</P><P></P><P>static(dmz,inside) 172.20.1.10 10.10.10.10 mask 255.255.255.255</P><P></P><P>You can access the DMZ server 10.10.10.10 from your INSIDE network with the mapped address of 172.20.1.10</P><P></P><P>- Jouni</P></BODY></HTML> Wed, 04 Apr 2012 07:09:20 GMT https://community.cisco.com/t5/network-security/dmz/m-p/1882383#M457468 Jouni Forss 2012-04-04T07:09:20Z