03-05-2009 06:10 PM - edited 03-11-2019 08:01 AM
I have an ASA 5505 set up with 3 vlans (outside 0, dmz 50, and inside 100). I can't figure out how to allow the clients on the inside vlan access to the dmz. inside has access to internet, dmz has access to internet, and internet has access to dmz. My config is attached (I do have a site to site ipsec vpn that is working).
03-05-2009 06:36 PM
One thing I did see was this
access-list nonat extended permit ip 192.168.99.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.99.0 255.255.255.0 192.168.1.0 255.255.255.0 log debugging
Shouldn't 192.168.1.0 be 192.168.100.0?
03-05-2009 07:19 PM
192.168.1.0 is my remote site to site vpn. I think those statements were added to support the vpn, but I really do not remember.
03-05-2009 11:27 PM
Looks like you have an issue with your NAT configs.
What is this "static (dmz,inside) 192.168.99.46 71.x.x.46 netmask 255.255.255.255" used for? Is the x.x the same as in
"static (dmz,outside) 71.x.x.46 192.168.99.46 netmask 255.255.255.255"?
Try configuring NAT exemption from DMZ to INSIDE and see if it helps.
03-05-2009 11:34 PM
Try this,
Remove
static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
Use this as well,
access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 192.168.99.0 255.255.255.0
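Added example, not part of the original thread and not taken from the poster's attached config: a small Python check that parses the `access-list` lines quoted above and reports whether a NAT exemption ACL covers inside-to-dmz traffic. It assumes inside is 192.168.100.0/24, dmz is 192.168.99.0/24, and that `inside_nat0_outbound` is the ACL applied to the inside interface; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two ACL lines quoted in the thread plus the entry
# suggested in the last reply. This is not the poster's full configuration.
SAMPLE_CONFIG = """\
access-list nonat extended permit ip 192.168.99.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.99.0 255.255.255.0 192.168.1.0 255.255.255.0 log debugging
access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.0 192.168.99.0 255.255.255.0
"""

# Matches only the "permit ip <net> <mask> <net> <mask>" form used in the thread.
ACE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+permit\s+ip\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<smask>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<dmask>\d+\.\d+\.\d+\.\d+)"
)

def parse_aces(config):
    """Return {acl_name: [(src_net, dst_net), ...]} for matching entries."""
    acls = {}
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m:
            continue  # host/any/object-group forms are not handled here
        src = ipaddress.ip_network(f"{m['src']}/{m['smask']}", strict=False)
        dst = ipaddress.ip_network(f"{m['dst']}/{m['dmask']}", strict=False)
        acls.setdefault(m["name"], []).append((src, dst))
    return acls

def covering_entries(acls, acl_name, src, dst):
    """Entries of acl_name whose source contains src and destination contains dst."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return [(a, b) for a, b in acls.get(acl_name, [])
            if s.subnet_of(a) and d.subnet_of(b)]

def misplaced_sources(acls, acl_name, expected_src):
    """Entries whose source is outside the network assumed to sit behind the ACL's interface."""
    exp = ipaddress.ip_network(expected_src)
    return [(a, b) for a, b in acls.get(acl_name, []) if not a.subnet_of(exp)]

if __name__ == "__main__":
    acls = parse_aces(SAMPLE_CONFIG)
    print(covering_entries(acls, "inside_nat0_outbound", "192.168.100.0/24", "192.168.99.0/24"))
    print(misplaced_sources(acls, "inside_nat0_outbound", "192.168.100.0/24"))
```
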