Access DMZ server from inside with public and private ip

acomiskey · ‎04-26-2007

I would like to access a dmz server with both public and private ip's from the inside. I can access private with

static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.255

and I can access by public with destination NAT

static (dmz,inside) 64.1.1.1 172.16.1.1 netmask 255.255.255.255

but I can't put them in at the same time or I get "no translation group found" when trying private ip. Any advice, I guess this isn't possible? ASA 7.2.1

oabduo983 · ‎04-26-2007

Hi,

Can you post the ip addresses on each interface? what do you mean by public IP? ip on the outside or ip on the dmz?

Regards,

acomiskey · ‎04-26-2007

Public meaning it's external address, 64.x.x.x. You can see the subnets by looking at the statics I posted but

inside - 192.168.1.x

dmz - 172.16.x.x

outside - 64.x.x.x

Dmz server private ip is 172.16.1.1.

Dmz server public ip is 64.1.1.1.

From inside I want to access dmz server by http://172.16.1.1 AND http://64.1.1.1.

acomiskey · ‎04-27-2007

anybody?

Wizzle · ‎04-27-2007

Look at this...static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.255.

I hope 192.168.1.0 isn't a network address or maybe you mean netmask 255.255.255.0.

acomiskey · ‎04-27-2007

That statement is correct and is very common. It allows the subnet 192.168.1.0 to communicate with the dmz.

acomiskey · ‎04-27-2007

Anyone else?