topic Re: Accessing outside server from DMZ Network in Network Security https://community.cisco.com/t5/network-security/accessing-outside-server-from-dmz-network/m-p/1299392#M858385 <HTML><HEAD></HEAD><BODY><P>add</P><P></P><P>access-list DMZ_access_all extended permit ip 192.168.100.0 255.255.255.0 192.168.11.0 255.255.255.0 </P><P></P><P></P><P>regards,</P><P>Roman</P></BODY></HTML> Sun, 26 Jul 2009 12:02:50 GMT Roman Rodichev 2009-07-26T12:02:50Z Accessing outside server from DMZ Network https://community.cisco.com/t5/network-security/accessing-outside-server-from-dmz-network/m-p/1299391#M858383 <P>Hi All,</P><P>Kindly guide me, my secnario is this there is one outside WEB server which have ip 192.168.11.28. from inside network i am able to access the webserver without any problem. but from DMZ i am not able to access that webserver only i can ping it from DMZ.kindly look my configuration and guide me anything wrong is my configuration.Thanks.</P><P></P><P>**************</P><P>interface GigabitEthernet0/0</P><P> nameif outside</P><P> security-level 0</P><P> ip address 10.10.10.2 255.255.255.252 </P><P>!</P><P>interface GigabitEthernet0/1</P><P> nameif Inside</P><P> security-level 100</P><P> ip address 192.168.0.1 255.255.255.0 </P><P>!</P><P>interface GigabitEthernet0/2</P><P> nameif DMZ</P><P> security-level 50</P><P> ip address 192.168.100.1 255.255.255.0 </P><P>! </P><P>interface GigabitEthernet0/3</P><P> description LAN Failover Interface</P><P>!</P><P>interface Management0/0</P><P> nameif management</P><P> security-level 100</P><P> ip address 192.168.1.1 255.255.255.0 </P><P> management-only</P><P>access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.210 eq ftp </P><P>access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.201 eq www </P><P>access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.204 eq www </P><P>access-list outside_access_in extended permit ip 192.168.255.0 255.255.255.0 192.168.0.0 255.255.255.0 </P><P>access-list outside_access_in extended permit icmp 10.10.10.0 255.255.255.252 192.168.0.0 255.255.255.0 </P><P>access-list outside_access_in extended permit tcp host 192.168.22.38 host 192.168.0.201 eq 8080 </P><P>access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.201 eq 7777 </P><P>access-list outside_access_in extended deny tcp host 192.168.22.38 host 192.168.0.201 eq 7777 </P><P>access-list outside_access_in extended permit tcp host 192.168.22.100 host 192.168.0.201 eq 8080 </P><P>access-list outside_access_in extended permit icmp 192.168.22.0 255.255.255.0 192.168.0.0 255.255.255.0 </P><P>access-list outside_access_in extended permit tcp host 192.168.22.100 host 192.168.0.204 eq 8080 </P><P>access-list outside_access_in extended permit tcp host 192.168.22.100 host 192.168.0.204 eq 7777 </P><P>access-list outside_access_in extended permit ip 192.168.255.0 255.255.255.0 192.168.100.0 255.255.255.0 </P><P>access-list outside_access_in extended permit icmp 10.10.10.0 255.255.255.252 192.168.100.0 255.255.255.0 </P><P>access-list outside_access_in extended permit icmp 192.168.22.0 255.255.255.0 192.168.100.0 255.255.255.0 </P><P>access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.100.215 eq www </P><P>access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.100.215 eq 7777 </P><P>access-list nonat extended permit ip 192.168.0.0 255.255.255.0 any </P><P>access-list nonatDMZ extended permit ip 192.168.100.0 255.255.255.0 any </P><P>access-list traffic_for_ips extended permit ip any any </P><P>access-list inside_access_all extended permit ip any any </P><P>access-list DMZ_access_all extended permit icmp any any </P><P>access-list DMZ_access_all extended permit ip 192.168.100.0 255.255.255.0 192.168.0.0 255.255.255.0 </P><P>pager lines 24</P><P>logging asdm informational</P><P>mtu outside 1500</P><P>mtu Inside 1500</P><P>mtu DMZ 1500</P><P>mtu management 1500</P><P>ip verify reverse-path interface outside</P><P>ip verify reverse-path interface Inside</P><P>failover</P><P>failover lan unit primary</P><P>failover lan interface failovetr-int GigabitEthernet0/3</P><P>failover replication http</P><P>failover interface ip failovetr-int 10.250.250.1 255.255.255.252 standby 10.250.250.2</P><P>icmp unreachable rate-limit 1 burst-size 1</P><P>asdm image disk0:/asdm-61551.bin</P><P>asdm history enable</P><P>arp timeout 14400</P><P>nat (Inside) 0 access-list nonat</P><P>nat (DMZ) 0 access-list nonatDMZ</P><P>static (Inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 </P><P>access-group outside_access_in in interface outside</P><P>access-group inside_access_all in interface Inside</P><P>access-group DMZ_access_all in interface DMZ</P><P>route outside 0.0.0.0 0.0.0.0 10.10.10.1 1</P><P></P><P></P> Mon, 11 Mar 2019 15:59:08 GMT https://community.cisco.com/t5/network-security/accessing-outside-server-from-dmz-network/m-p/1299391#M858383 aamirkiani 2019-03-11T15:59:08Z Re: Accessing outside server from DMZ Network https://community.cisco.com/t5/network-security/accessing-outside-server-from-dmz-network/m-p/1299392#M858385 <HTML><HEAD></HEAD><BODY><P>add</P><P></P><P>access-list DMZ_access_all extended permit ip 192.168.100.0 255.255.255.0 192.168.11.0 255.255.255.0 </P><P></P><P></P><P>regards,</P><P>Roman</P></BODY></HTML> Sun, 26 Jul 2009 12:02:50 GMT https://community.cisco.com/t5/network-security/accessing-outside-server-from-dmz-network/m-p/1299392#M858385 Roman Rodichev 2009-07-26T12:02:50Z