DMZ access in to inside( primary and backup) mapping

join_sn09
Level 1

Dear all experts,

I would like to ask you a question, and at the same time I have an issue too. I have an ASA5510 with Inside, Outside and DMZ interfaces. On Inside I have two servers (primary and backup), so I want to allow some ports from DMZ to inside (I mean I want to allow port 1441 to both the primary and the backup on inside). Could you let me know how I can configure this on the ASA? Normally I can configure only one server on inside, but we have two servers and allow the same port and the same DMZ, and the command is not allowed. Please help me to solve this issue. Please see the attached file.

Best Regards,

Join

1 Reply

JORGE RODRIGUEZ
Level 10

Join,

Looking at the net diagram, you should be able to accomplish your requirements in a couple of ways. You could either create a nonat exempt ACL, create a NAT exempt rule nat(inside) 0 between the two interfaces and apply a nonat ACL there permitting ip.

Or just simply go this way, below.

static (inside,DMZ) 192.168.2.1 192.168.2.1 netmask 255.255.255.255

static (inside,DMZ) 192.168.2.2 192.168.2.2 netmask 255.255.255.255

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 80

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 1441

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 1442

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 80

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 1441

access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 1442

access-group DMZ_access_in in interface DMZ

B.Regards

Jorge Rodriguez
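
The same policy written with object groups, so the primary and backup always receive an identical port set from a single ACL line. This is an added example, not part of the original reply; the group names INSIDE_SERVERS and APP_PORTS are hypothetical, and it assumes the pre-8.3 NAT syntax used above and that DMZ_access_in does not already contain the six per-host lines.

```cisco
! Added example, not from the thread. Group names are hypothetical.
object-group network INSIDE_SERVERS
 description primary and backup servers on inside
 network-object host 192.168.2.1
 network-object host 192.168.2.2
object-group service APP_PORTS tcp
 port-object eq 80
 port-object eq 1441
 port-object eq 1442
!
! Identity statics from the reply: each server keeps its own address on the DMZ side
static (inside,DMZ) 192.168.2.1 192.168.2.1 netmask 255.255.255.255
static (inside,DMZ) 192.168.2.2 192.168.2.2 netmask 255.255.255.255
!
! One entry covers both servers and all three ports, from the single DMZ host only
access-list DMZ_access_in permit tcp host 192.168.3.1 object-group INSIDE_SERVERS object-group APP_PORTS
access-group DMZ_access_in in interface DMZ
!
! Verification, run from privileged EXEC (source port 1025 is a constructed value):
! show access-list DMZ_access_in
! packet-tracer input DMZ tcp 192.168.3.1 1025 192.168.2.1 1441
! packet-tracer input DMZ tcp 192.168.3.1 1025 192.168.2.2 1441
```

`show access-list` expands the groups into the six individual entries with hit counts, which makes it easy to confirm nothing broader than the intended host-to-host rules is permitted.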