Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
451
Views
0
Helpful
3
Replies

configuring DMZ host to access LAN

henokk601
Level 1
Level 1

‎03-12-2018 12:57 AM - edited ‎02-21-2020 07:30 AM

Hi All

i have ASA 5525 connected to DMZ server cisco2960 and core switch 4500 series(VSS configured on it) and i connected asa5525 with the core switch using port channel and i want the dmz network to access the internal core side network and vice versa so what should i do ?

Internal network 172.20.x.x

Dmz Network 192.168.x.x

Regards,

 

Labels:
0 Helpful
3 Replies 3

adedipeopeoluwa
Level 1
Level 1

‎03-12-2018 01:16 AM

Create an acl statement on the firewall to permit inside ip address to reach the dmz and vice versa.

 

e.g 

DMZ interface : access-group dmz_access_in in interface DMZ

Inside interface: access-group inside_access_in in interface Inside

 

 

access-list inside_access_in extended permit tcp  172.20.*.* 255.255.0.0 192.168.*.* 2555.255.0.0

access-list dmz_access_in extended permit tcp  192.168.*.* 2555.255.0.0 172.20.*.* 255.255.0.0 192.168.*.* 2555.255.0.0

 

core switch 4500

Create a route for the internal network to reach the dmz ip through the gateway btw the firewall and your core switch.

 

 

Though i think it is better you have specific servers on the inside network you want specific servers on the dmz  to communicate with.

 

In this case, you can create an object group and grant permissions based on these object group.

0 Helpful

henokk601
Level 1
Level 1
In response to adedipeopeoluwa

‎03-12-2018 01:34 AM

can i share you the configuration i do the same however it won't work
0 Helpful

adedipeopeoluwa
Level 1
Level 1
In response to henokk601

‎03-12-2018 01:42 AM

Kindly share but do remember to remove sensitive information

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card