03-03-2009 07:19 PM - edited 03-11-2019 08:00 AM
Dear all experts,
I would like to ask you some questions, and at the same time I have an issue too. I have an ASA5510 with Inside, Outside and DMZ interfaces. On Inside I have two servers (primary and backup), so I want to allow some ports from DMZ to inside (I mean I want to allow port 1441 to both the primary and backup inside). Could you let me know how I can configure this on the ASA? Normally I can configure only one server on the inside, but we have two servers, and when I allow the same port from the same DMZ the command is not allowed. Please help me solve this issue. Please see the attached file.
Best Regards,
Join
03-04-2009 09:41 AM
Join,
Looking at the net diagram, you should be able to accomplish your requirements in a couple of ways. You could either create a no-NAT exempt ACL, create a NAT exempt rule nat (inside) 0 between the two interfaces and apply a no-NAT ACL there permitting IP,
or just simply go the way below.
static (inside,DMZ) 192.168.2.1 192.168.2.1 netmask 255.255.255.255
static (inside,DMZ) 192.168.2.2 192.168.2.2 netmask 255.255.255.255
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 80
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 1441
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.1 eq 1442
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 80
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 1441
access-list DMZ_access_in permit tcp host 192.168.3.1 host 192.168.2.2 eq 1442
access-group DMZ_access_in in interface DMZ
B.Regards
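The NAT-exemption alternative that the reply above mentions but does not show, written out as an added example (not part of the original reply) in the same pre-8.3 syntax as its static commands. The names inside_nat0_dmz, INSIDE_SERVERS and APP_PORTS are hypothetical; the addresses and ports are the ones used in the reply.

```cisco
! Added example: this replaces the two identity "static (inside,DMZ)" lines.
! Use one approach or the other, not both. ACL and group names are hypothetical.

! 1. Exempt traffic between the two inside servers and the DMZ host from NAT
access-list inside_nat0_dmz extended permit ip host 192.168.2.1 host 192.168.3.1
access-list inside_nat0_dmz extended permit ip host 192.168.2.2 host 192.168.3.1
nat (inside) 0 access-list inside_nat0_dmz

! 2. Group the servers and ports so a single ACE covers primary and backup
object-group network INSIDE_SERVERS
 network-object host 192.168.2.1
 network-object host 192.168.2.2
object-group service APP_PORTS tcp
 port-object eq 80
 port-object eq 1441
 port-object eq 1442

! 3. The exemption ACL only controls translation; this interface ACL is what
!    limits which DMZ host and which ports can reach the inside servers
access-list DMZ_access_in extended permit tcp host 192.168.3.1 object-group INSIDE_SERVERS object-group APP_PORTS
access-group DMZ_access_in in interface DMZ

! 4. Verify from privileged EXEC (source port 1025 is a constructed value)
! packet-tracer input DMZ tcp 192.168.3.1 1025 192.168.2.1 1441
! packet-tracer input DMZ tcp 192.168.3.1 1025 192.168.2.2 1441
! show access-list DMZ_access_in
```

The permit ip entries in the exemption ACL do not open any ports by themselves; traffic from the lower-security DMZ interface still has to match DMZ_access_in, so keep that ACL as narrow as the application requires.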