Access To DMZ Server From LAN -- Help

zekebashi
Level 4

Hello, 

I have a server on the DMZ with a private IP address 192.168.100.2/24 which I would like to NAT to a public IP address 10.20.30.40/24 and allow users on the LAN to be able to access this server. This server is currently accessible on the Internet via HTTPS. 

interface e0/2

  ip address 10.10.10.

interface e0/3

    ip address 192.168.100.2/24

    nameif DMZ

    security-level 50

Object network obj-192.168.100.2 

     host 192.168.100.2

 Object network obj-10.20.30.40

      host 10.20.30.40 

object network object-192.168.100.2

      nat(DMZ, outside) static 10.20.30.40

access-list DMZ extended permit tcp host 192.168.100.2/24 10.20.30.0 255.255.255.0

access-list DMZ extended permit tcp host 192.168.100.2/24 any4 eq https

access-list DMZ extended permit tcp host 192.168.100.2/24 any4 eq www

access-group DMZ in interface DMZ 

Currently, the hosts on the LAN can't access the server on the DMZ. Any thoughts? 

Best, ~sK 

2 Replies

Aditya Ganjoo
Cisco Employee

Hi,

Do the LAN users need to access the server on mapped IP?

If yes then please use the following config:

object network object-192.168.100.2

      nat(DMZ, inside) static 10.20.30.40

Regards,

Aditya

Please rate helpful and mark correct answers
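
Added example, not part of the original reply or of the poster's running configuration: on ASA 8.3 and later a network object can hold only one NAT rule, so the LAN-facing translation is placed in a second object for the same host and the existing (DMZ,outside) rule stays in its own object. The object name obj-192.168.100.2-inside, the interface name inside, the source port 12345 and the placeholder <LAN-host-IP> are assumptions.

```cisco
! Added example. Object name, the "inside" nameif and <LAN-host-IP> are assumptions.
! Second object for the same DMZ host, so the (DMZ,outside) rule is not overwritten.
object network obj-192.168.100.2-inside
 host 192.168.100.2
 nat (DMZ,inside) static 10.20.30.40
!
! Confirm the rule is installed and watch its hit counters.
show nat detail
!
! Confirm a translation entry exists for the mapped address.
show xlate
!
! Simulate an HTTPS connection from a LAN host to the mapped address.
packet-tracer input inside tcp <LAN-host-IP> 12345 10.20.30.40 443
```

In the packet-tracer output, an UN-NAT phase should show 10.20.30.40 being untranslated to 192.168.100.2, and the final result shows whether an access list or another rule drops the flow.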

Hello,

Yes, they do. I will give that a try and post the result. 

Thanks again. 

Best, ~zK 
