ASA 7.0

hunnetvl01 — Mon, 11 Mar 2019 14:39:09 GMT

I had a post with a 6.3(4) referring to the same issue, so now Ive treid the same with an ASA.

My config:

int inside

security 100

ip add 172.20.1.1

int out

security 0

ip add 10.10.10.1

int dmz

192.168.4.1

security 20

nat (dmz) 1 192.168.4.0 255.255.255.0

global (inside) 1 interface

nat (inside) 2 172.20.1.0 255.255.255.0

global (outside) 2 10.10.10.2

ACL's on inside and dmz permit ip any any and permit icmp any any

I want to be able to access inside&outside and I cant.Only one works at a time: either from dmz to inside or dmz from outside, depending on how you play with the NAT.

Thanks,

Vlad

PS: Static is out of question as I have around 20-25 networks on the inside to be accessed from the dmz.

Re: ASA 7.0

Tshi M — Tue, 20 Jan 2009 20:53:45 GMT

I am not sure I understand this but I am assuming you want your internal users and dmz users to access the Internet. I think for that all you need is:

nat (inside) 1 172.20.1.0 255.255.255.0

nat (dmz) 1 192.168.4.0 255.255.255.0

global (outside) 1 interface

global (dmz) 1 interface

I also don't know why you would like DMZ devices to access the internal network but for that you will need to apply an ACL to dmz interface

topic Re: ASA 7.0 in Network Security

ASA 7.0

Re: ASA 7.0