Access list for DMZ

anil.sanap
Level 1

Hi,

I have the subinterface below:

interface GigabitEthernet0/2.50

description *** Connected to DMZ ****

vlan 50

nameif DMZ

security-level 50

ip address x.x.x.x/27

I need to make this subinterface accessible throughout the network.

6 Replies

pankaj29in
Level 1

Hi Anil,

Apply an ACL saying "any" can access your DMZ IP address on the outside interface.

Regards

Pankaj

access-list DMZ_access_in extended permit ip X.X.X.X 255.255.255.224 any

access-list DMZ_access_in extended permit icmp X.X.X.X 255.255.255.224 any

access-group DMZ_access_in in interface OUTSIDE-ZONE

Is this one correct, or do I still need to add anything? Waiting.

Hi,

You have to be a bit more specific in your question.

We would also need to know the software level possibly.

If you want to allow traffic to the DMZ from other local interfaces, then you use those interfaces' ACLs to allow that traffic.

If you are talking about allowing traffic to the DMZ from another remote network (Internet), then you will have to use the "outside" interface's ACL to allow this traffic. In addition to this you naturally have to have a NAT configuration for the DMZ servers/hosts so that they have a public IP address on which they can be accessed.

If you simply want to allow traffic from the DMZ to anywhere else, then you would use

access-list DMZ_access_in extended permit ip X.X.X.X 255.255.255.224 any

access-list DMZ_access_in extended permit icmp X.X.X.X 255.255.255.224 any

access-group DMZ_access_in in interface DMZ

- Jouni

Hi,

Thanks. The thing is, I do have MPLS connectivity with other branch locations,

and for those I need to allow DMZ access.

Hi,

Then we would need to know about your NAT and routing configurations.

It might be that ACL configurations alone won't enable DMZ connectivity.

The best situation is usually to give the source/destination networks and the current configuration with masked public IP addresses and sensitive information. Otherwise the discussion might be needlessly complicated.

- Jouni
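The three cases Jouni lists above (local interfaces to the DMZ, Internet to the DMZ, DMZ outbound) plus the routing and NAT pieces he asks about for the MPLS branches, worked through as one ASA 8.3+ configuration. This is an added example, not configuration posted by anyone in the thread: the DMZ subinterface is kept from the original post, but every address (192.168.50.0/27 for the DMZ, 10.20.0.0/16 for the MPLS branches, 10.1.0.2 as the MPLS CE next hop, 203.0.113.10 as the public address), the object names and the outside/inside interface names are placeholders assumed for illustration.

```cisco
! Added example, not the poster's configuration. All addresses, next hops,
! interface names (outside/inside) and object names are assumed placeholders.
! Syntax is ASA 8.3+ (object NAT; interface ACLs match real, untranslated IPs).
!
! --- Interfaces (the DMZ subinterface is the one from the original post) ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.1.0.1 255.255.255.0
!
interface GigabitEthernet0/2.50
 description *** Connected to DMZ ***
 vlan 50
 nameif DMZ
 security-level 50
 ip address 192.168.50.1 255.255.255.224
!
! --- Objects for the networks involved ---
object network DMZ_NET
 subnet 192.168.50.0 255.255.255.224
object network DMZ_WEB
 host 192.168.50.10
 ! object NAT: publish this DMZ server on a public address
 nat (DMZ,outside) static 203.0.113.10
object-group network INTERNAL_NETS
 network-object 10.1.0.0 255.255.255.0
 network-object 10.20.0.0 255.255.0.0
!
! --- Case 1: local LAN and MPLS branch hosts reaching the DMZ ---
! Branch prefixes are reached through the MPLS CE behind the inside
! interface, so both the route and the permit belong to "inside".
route inside 10.20.0.0 255.255.0.0 10.1.0.2 1
access-list INSIDE_access_in extended permit ip object-group INTERNAL_NETS object DMZ_NET
! Applying an ACL replaces the default higher-to-lower security permit with an
! implicit deny, so inside's other outbound traffic must now be permitted too.
access-list INSIDE_access_in extended permit ip object-group INTERNAL_NETS any
access-group INSIDE_access_in in interface inside
! NAT exemption: only needed if another NAT rule would otherwise translate
! inside->DMZ traffic; with no matching rule the ASA passes it untranslated.
nat (inside,DMZ) source static INTERNAL_NETS INTERNAL_NETS destination static DMZ_NET DMZ_NET
!
! --- Case 2: Internet hosts reaching a DMZ server ---
! The outside ACL references the real address (object DMZ_WEB), not 203.0.113.10.
access-list OUTSIDE_access_in extended permit tcp any object DMZ_WEB eq 443
access-group OUTSIDE_access_in in interface outside
!
! --- Case 3: DMZ hosts initiating traffic elsewhere ---
! Deny DMZ-to-internal first so a compromised DMZ host cannot pivot inward,
! then permit the rest (Internet), as in the DMZ_access_in ACL above.
access-list DMZ_access_in extended deny ip object DMZ_NET object-group INTERNAL_NETS
access-list DMZ_access_in extended permit ip object DMZ_NET any
access-group DMZ_access_in in interface DMZ
```

Return traffic for connections the branches open to the DMZ is handled by the ASA's stateful inspection, so nothing needs to be permitted on the DMZ interface for replies; the DMZ hosts only need the ASA's DMZ address as their gateway (or a route to 10.20.0.0/16 via it). To confirm the whole path, including routing and NAT, before trusting the ACL, run something like `packet-tracer input inside tcp 10.20.1.5 40000 192.168.50.10 443` on the ASA and check that every phase, not just the ACCESS-LIST phase, shows ALLOW; `show access-list INSIDE_access_in` then shows hit counts on the branch-to-DMZ entry once real traffic flows.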

Hi Anil,

Yours will also do, or you can also apply Jouni's ACLs (both will work).

Regards

Pankaj
