Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
237
Views
0
Helpful
1
Replies

ASA INSIDE to DMZ

Arthur Rack
Level 1
Level 1

‎05-30-2018 06:36 AM - edited ‎02-21-2020 07:49 AM

Hi,

 

I have a topology:

 

INSIDE: 192.168.1.0/24

OUTSIDE: 200.200.200.1/27

DMZ: 192.168.200.0/24

 

INSIDE hosts are NATed to OUSTIDE ip address (200.200.200.1)

In DMZ  I have a server with address: 192.168.200.200 wich is NATed to 200.200.200.2

 

My question is: Is it possible to ping DMZ outside address  (200.200.200.2) from INSIDE hosts ?

 

Labels:
0 Helpful
1 Reply 1

Bogdan Nita
VIP Alumni
VIP Alumni

‎05-30-2018 07:19 AM

Yes, but you would need a NAT in place for that.

Something like this:

object network Public_IP
 host x.x.x.x
!
object network DMZ_IP
 host x.x.x.x
!
nat (INSIDE,DMZ) source dynamic any interface destination static Public_IP DMZ_IP

 

HTH

Bogdan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card