
ASA 5505 - DMZ access INSIDE

HIeu Phan
Level 1

Hi everyone,

I just inherited an ASA from the previous system admin and I need to configure it to allow a server sitting on the DMZ to communicate with two (failover) servers in the INSIDE zone on various UDP and TCP ports.

DMZ host: 192.168.3.202

INSIDE host 1: 192.168.2.122

INSIDE host 2: 192.168.2.123

I couldn't get the DMZ host to talk to the INSIDE hosts at all. Can you help me look at my configuration? For testing, I even added the three lines that I highlighted in orange to see whether the communication goes through or not.

!---------------------------------------------------------------------------
! DMZ_Access_IN ACL (applied inbound on the dmz interface, evaluated top-down)
!---------------------------------------------------------------------------
access-list dmz_access_in extended permit tcp host 192.168.3.202 host 192.168.2.122 eq 8009
access-list dmz_access_in extended permit tcp host 192.168.3.202 host 192.168.2.122 eq 4001
access-list dmz_access_in extended permit udp host 192.168.3.202 host 192.168.2.122 eq isakmp
access-list dmz_access_in extended permit udp host 192.168.3.202 host 192.168.2.122 eq 4500
access-list dmz_access_in extended permit tcp host 192.168.3.202 host 192.168.2.123 eq 8009
access-list dmz_access_in extended permit tcp host 192.168.3.202 host 192.168.2.123 eq 4001
access-list dmz_access_in extended permit udp host 192.168.3.202 host 192.168.2.123 eq isakmp
access-list dmz_access_in extended permit udp host 192.168.3.202 host 192.168.2.123 eq 4500
access-list dmz_access_in extended permit ip host 192.168.3.202 host 192.168.2.122
access-list dmz_access_in extended permit ip any host 192.168.2.122
access-list dmz_access_in extended permit icmp any host 192.168.2.1
access-list dmz_access_in extended deny ip any 192.168.2.0 255.255.255.0
access-list dmz_access_in extended permit ip any any
!---------------------------------------------------------------------------
! NAT for the dmz segment and the ACL binding
!---------------------------------------------------------------------------
global (dmz) 1 interface
nat (dmz) 1 192.168.3.0 255.255.255.0
static (dmz,outside) x.x.x.x 192.168.3.202 netmask 255.255.255.255
access-group dmz_access_in in interface dmz

Accepted Solution

Jon Marshall
Hall of Fame

Add these lines to your config -

static (inside,dmz) 192.168.2.122 192.168.2.122 netmask 255.255.255.255

static (inside,dmz) 192.168.2.123 192.168.2.123 netmask 255.255.255.255

Jon


Thanks Jon.

I will give this a try tomorrow morning.

This same server also needs to reach an entire subnet of VDI desktops. What would my static for that part look like?

static (inside,dmz) 192.168.26.0 192.168.26.0 netmask 255.255.255.0

?
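Added example, not part of the thread and not Cisco's or either poster's code: a small Python model of the two gates a pre-8.3 ASA applies to a connection that a DMZ host initiates toward inside, run over the ACL and NAT lines posted above. The first gate is the inbound ACL on the dmz interface (top-down, first match wins, implicit deny at the end); the second is a static translation in the (inside,dmz) direction covering the inside destination, which is what the accepted answer adds and why the ACL alone was not enough. The script also accepts the subnet-wide identity static asked about in the follow-up, since a netmask other than /32 simply widens the covered range. Assumptions: security levels of 0/50/100 for outside/dmz/inside (the thread does not state them), only the syntax forms that occur on this page are parsed, the redacted `x.x.x.x` static is skipped, and the extra source addresses 192.168.3.50, 203.0.113.9 and 192.168.26.7 in the checks are constructed test values.

```python
"""Model the two checks a pre-8.3 ASA applies to DMZ-initiated traffic toward inside.

Added example (not from the thread): the inbound ACL on the source interface,
then a static (high,low) translation for the destination when the destination
sits behind a higher-security interface. Parses only the forms used on the page.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed security levels; the thread does not state them.
SECURITY_LEVEL = {"outside": 0, "dmz": 50, "inside": 100}
PORT_NAMES = {"isakmp": 500}  # only the service name the posted ACL uses


@dataclass
class AclEntry:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip", "tcp", "udp" or "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]           # None when the line has no "eq PORT" clause
    text: str                      # original line, for reporting


@dataclass
class Static:
    high_if: str
    low_if: str
    mapped: ipaddress.IPv4Network  # address range the low-security side connects to


def _net(t, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D MASK' at t[i]; return (network, next index)."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1]), i + 2
    return ipaddress.ip_network(f"{t[i]}/{t[i + 1]}", strict=False), i + 2


def parse_config(lines):
    """Return (ACL entries by name, statics, {interface: inbound ACL name}).

    global/nat lines and statics with unparseable (redacted) addresses are skipped.
    """
    acls, statics, groups = {}, [], {}
    for raw in lines:
        t = raw.split()
        if not t or t[0].startswith("!"):
            continue
        if t[0] == "access-list" and t[2] == "extended":
            src, i = _net(t, 5)
            dst, i = _net(t, i)
            dport = None
            if i < len(t) and t[i] == "eq":
                dport = PORT_NAMES.get(t[i + 1]) or int(t[i + 1])
            acls.setdefault(t[1], []).append(AclEntry(t[3], t[4], src, dst, dport, raw.strip()))
        elif t[0] == "static":
            high_if, low_if = t[1].strip("()").split(",")
            mask = t[5] if len(t) > 5 and t[4] == "netmask" else "255.255.255.255"
            try:
                statics.append(Static(high_if, low_if, ipaddress.ip_network(f"{t[2]}/{mask}", strict=False)))
            except ValueError:
                continue  # e.g. the redacted x.x.x.x mapped address on the page
        elif t[0] == "access-group" and t[2] == "in":
            groups[t[4]] = t[1]
    return acls, statics, groups


def acl_first_match(entries, proto, src, dst, dport):
    """Top-down evaluation; the first matching line decides. None means the implicit deny."""
    for e in entries:
        if e.proto not in ("ip", proto):
            continue
        if src not in e.src or dst not in e.dst:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e
    return None


def check_flow(config, src_if, dst_if, src, dst, proto, dport=None):
    """Return (allowed, reason) for a connection initiated on src_if toward dst behind dst_if."""
    acls, statics, groups = parse_config(config)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    to_higher = SECURITY_LEVEL[dst_if] > SECURITY_LEVEL[src_if]
    if src_if not in groups:
        if to_higher:
            return False, f"no ACL on {src_if}; lower-to-higher is denied by default"
    else:
        m = acl_first_match(acls.get(groups[src_if], []), proto, src, dst, dport)
        if m is None:
            return False, "implicit deny at end of " + groups[src_if]
        if m.action == "deny":
            return False, "denied by: " + m.text
    if to_higher and not any(
        s.high_if == dst_if and s.low_if == src_if and dst in s.mapped for s in statics
    ):
        return False, f"ACL permits it, but no static ({dst_if},{src_if}) covers {dst}"
    return True, "permitted"


# Constructed from the lines posted in the thread.
POSTED = """\
access-list dmz_access_in extended permit tcp host 192.168.3.202 host 192.168.2.122 eq 8009
access-list dmz_access_in extended permit tcp host 192.168.3.202 host 192.168.2.122 eq 4001
access-list dmz_access_in extended permit udp host 192.168.3.202 host 192.168.2.122 eq isakmp
access-list dmz_access_in extended permit udp host 192.168.3.202 host 192.168.2.122 eq 4500
access-list dmz_access_in extended permit tcp host 192.168.3.202 host 192.168.2.123 eq 8009
access-list dmz_access_in extended permit tcp host 192.168.3.202 host 192.168.2.123 eq 4001
access-list dmz_access_in extended permit udp host 192.168.3.202 host 192.168.2.123 eq isakmp
access-list dmz_access_in extended permit udp host 192.168.3.202 host 192.168.2.123 eq 4500
access-list dmz_access_in extended permit ip host 192.168.3.202 host 192.168.2.122
access-list dmz_access_in extended permit ip any host 192.168.2.122
access-list dmz_access_in extended permit icmp any host 192.168.2.1
access-list dmz_access_in extended deny ip any 192.168.2.0 255.255.255.0
access-list dmz_access_in extended permit ip any any
global (dmz) 1 interface
nat (dmz) 1 192.168.3.0 255.255.255.0
static (dmz,outside) x.x.x.x 192.168.3.202 netmask 255.255.255.255
access-group dmz_access_in in interface dmz
""".splitlines()

# The accepted answer's two identity statics, plus the subnet form from the follow-up.
ACCEPTED_FIX = [
    "static (inside,dmz) 192.168.2.122 192.168.2.122 netmask 255.255.255.255",
    "static (inside,dmz) 192.168.2.123 192.168.2.123 netmask 255.255.255.255",
]
VDI_SUBNET_STATIC = ["static (inside,dmz) 192.168.26.0 192.168.26.0 netmask 255.255.255.0"]

if __name__ == "__main__":
    for cfg, label in ((POSTED, "posted"), (POSTED + ACCEPTED_FIX, "with statics")):
        print(label, check_flow(cfg, "dmz", "inside", "192.168.3.202", "192.168.2.123", "tcp", 8009))
    # Caveat: the test line "permit ip any host 192.168.2.122" opens that host to the whole DMZ.
    print("any DMZ host -> .122:22", check_flow(POSTED + ACCEPTED_FIX, "dmz", "inside", "192.168.3.50", "192.168.2.122", "tcp", 22))
```

Running it shows the posted config failing on the missing static even though the ACL permits the flow, and passing once the two `static (inside,dmz)` lines are added. Two things worth noticing in the output: once the static for 192.168.2.122 exists, the test line `permit ip any host 192.168.2.122` lets every DMZ host reach that server on every port, so it should come out again after testing; and because the ACL ends in `permit ip any any`, the single `deny ip any 192.168.2.0 255.255.255.0` line is all that keeps the rest of the DMZ away from the inside subnet, so anything inside that is not in 192.168.2.0/24 (such as a 192.168.26.0/24 VDI range) would be reachable from any DMZ host as soon as a static covers it.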

Anim Saxena
Level 1

Hi Hieu,

Kindly have a look at the discussions below; they might be helpful:

ASA 5510 DMZ

ASA 5505 config with DMZ

Regards,

Anim Saxena

Community Manager
