cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
452
Views
0
Helpful
5
Replies

Allow traffic from DMZ to outside

Dhaval Dikshit
Level 1
Level 1

Hi,

 

I had created DMZ zone on ASA 5505. and configure dynamic NAT for DMZ subnet.

I put one system in DMZ zone and wants to communicate it with outside only.

 

Can you please guide me, If any ACL I have to implement for result?

 

Thanks

DD

5 Replies 5

Hi

Do you have the security plus license?

Yes I have Security plus license.

Adeolu Owokade
Level 1
Level 1

Hi Dhaval,

As long as you have the routing set up correctly and the DMZ interface is on a higher security level than outside, then you shouldn't need any ACL to allow traffic from the DMZ to the Outside. 

However, if you need devices on the Outside to initiate communication to the DMZ, then you will need static NAT and an ACL to allow that connection.

Hi Adeolu,

DMZ has 192.168.1.0/24 subnet and deault route is pointing to outside interface.

Is it  ok or any other route to be set?

Thanks,

DD

 

Thanks Adeolu and Henrik,.

Actually every thing is fine from ASA side.
DNS was not mention in DMZ system.

Thanks

DD

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: