ASA 5500 from inside to dmz access with private and public address

asoka
Level 1



Hi,
My ASA is a simple setup with a dmz; the customer doesn't have a DNS server in the inside
network, so I use DNS doctoring to access the web server in the dmz with the
public address.

static (dmz,inside) 11x.x.xx.ccc 192.168.x.x netmask 255.255.255.255 dns

If I do that I lose access to the same server with the private address. Is there
any way I could address the dmz server with both the private and public addresses from the inside network?

Cheers



Accepted Solutions

Maykol Rojas
Cisco Employee

Hi,

If you are running a version below 8.3 you can do it. In 8.2, try this:

access-list pnat1 permit ip host 192.168.x.x any

access-list pnat2 permit ip host 192.168.x.x any

no static (dmz,inside) 11x.x.xx.ccc 192.168.x.x netmask 255.255.255.255 dns

static (dmz,inside) 11.x.x.x access-list pnat1

static (dmz,inside) 192.168.x.x access-list pnat2

Let me know how it goes.

Mike


Hi, thanks Mike, it works,

but I had to make it

access-list pnat3 permit ip host 192.168.x.x host 11.x.x.x

static (dmz,inside) 11.x.x.x access-list pnat3

and I didn't need the other static. Once DNS doctoring is removed, private address access works, and with policy NAT public address access also works.

Any comments?

regards
