https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880957#M969206 <HTML><HEAD></HEAD><BODY><P>Try this </P><P></P><P>Your static and acl should be similar to this.</P><P></P><P>static (inside,DMZ) 10.10.23.20 10.10.23.20 netmask 255.255.255.255 0 0</P><P>access-list inside_access_in permit tcp host 10.10.23.20 host 192.168.211.200 eq 21</P><P>access-list inside_access_in permit tcp host 10.10.23.20 host 192.168.211.200 eq 25</P><P>access-group inside_access_in in interface inside</P><P></P><P></P><P></P><P></P></BODY></HTML> Wed, 19 Sep 2007 01:30:29 GMT JORGE RODRIGUEZ 2007-09-19T01:30:29Z https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880956#M969205 <P>hi all,</P><P></P><P>suppose i have one server (x) on the inside interface of ASA which need to access server (y) on the DMZ interface of the ASA for specific port e.g. 25 &amp; 21</P><P></P><P>but in doing so the server (x) ip address e.g. 10.10.23.20 should be natted to (192.168.211.201) the subnet configured on the DMZ</P><P></P><P>server (x) need to access server (y) having ip address 192.168.211.200</P><P></P><P>what would be the best possible way to do so, i have tried using access-list and global but i get error message on syslog portmap translation creation failed, now i was thinking of doing it using static from (inside,dmz) using access list - PAT</P><P></P><P>any help would be great</P> Mon, 11 Mar 2019 11:12:48 GMT https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880956#M969205 zulqurnain 2019-03-11T11:12:48Z https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880957#M969206 <HTML><HEAD></HEAD><BODY><P>Try this </P><P></P><P>Your static and acl should be similar to this.</P><P></P><P>static (inside,DMZ) 10.10.23.20 10.10.23.20 netmask 255.255.255.255 0 0</P><P>access-list inside_access_in permit tcp host 10.10.23.20 host 192.168.211.200 eq 21</P><P>access-list inside_access_in permit tcp host 10.10.23.20 host 192.168.211.200 eq 25</P><P>access-group inside_access_in in interface inside</P><P></P><P></P><P></P><P></P></BODY></HTML> Wed, 19 Sep 2007 01:30:29 GMT https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880957#M969206 JORGE RODRIGUEZ 2007-09-19T01:30:29Z https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880958#M969208 <HTML><HEAD></HEAD><BODY><P>hi jorgemcse,</P><P></P><P>This would leave the 10.10.23.20 without being translated, but like i said earlier i want 10.10.23.20 to be translated to 192.168.211.201 , a subnet configured on the DMZ</P><P></P><P>hope this clear out my point of question</P></BODY></HTML> Wed, 19 Sep 2007 04:13:04 GMT https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880958#M969208 zulqurnain 2007-09-19T04:13:04Z https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880959#M969209 <HTML><HEAD></HEAD><BODY><P>Zulqurnain, </P><P></P><P>Then creating PAT for dmz interface is one way of doing it , allocate an address for it under the 192.168.201.0 subnet and create PAT, or using the dmz-interface itself as PAT device. </P><P></P><P></P><P>e.g regular pat</P><P></P><P>global (DMZ) 1 192.168.201.50</P><P></P><P>or </P><P></P><P>global (DMZ) 1 interface</P><P></P></BODY></HTML> Wed, 19 Sep 2007 14:13:47 GMT https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880959#M969209 JORGE RODRIGUEZ 2007-09-19T14:13:47Z https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880960#M969212 <HTML><HEAD></HEAD><BODY><P>What is the error exaclty that you are getting. Ideally you dont need an ACL when going from inside to dmz.</P><P></P><P>It should only have one statement </P><P></P><P>static (inside,DMZ) 192.168.211.200 10.10.23.20 netmask 255.255.255.255</P><P></P><P>You can try this and if it works then you can create an ACL on the DMZ interface for restricting the ports. </P><P></P><P>Just out of curiosity..do you have the nat-control enabled.</P><P></P><P>--Pls rate if it helps--</P></BODY></HTML> Wed, 19 Sep 2007 14:35:15 GMT https://community.cisco.com/t5/network-security/inside-to-dmz/m-p/880960#M969212 zubairjalal 2007-09-19T14:35:15Z