ASA Outside to DMZ (HOW TO)?

Hello. I've done a search for a problem such as mine but haven't been successful.

 

I have three interfaces, Inside, Outside, and DMZ. I have already set up Inside to Outside and Inside to DMZ NAT and ACLs. I however cannot get Outside to DMZ working correctly. How do I have the DMZ Web server (80 and 443) IP be translated to the Outside interface IP? My interface configurations are shown below:

 

Outside IP: 200.200.200.2/24 next hop 200.200.200.1

DMZ: 172.16.1.253/24

 

Whenever I try to use the Outside IP in a nat statement, I get the error that the address overlaps with the Outside address.

 

 

 


Re: ASA Outside to DMZ (HOW TO)?

Hi,
Use the keyword "interface" instead of the IP address under the NAT configuration.
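
The suggestion above written out as a configuration, as an added example that is not part of the original thread: static PAT of TCP 80 and 443 from the OUTSIDE interface address to the DMZ web server, using the thread's interface names, ACL name and server address. The object names WEBSERVER-HTTP and WEBSERVER-HTTPS, the access-group binding and the packet-tracer source address are assumptions, as is ASA software 8.3 or later (object NAT, ACLs matching the real address).

```cisco
! Added example, not from the thread. Assumes ASA 8.3+ object NAT.
! An object holds only one nat statement, so each published port
! gets its own object (object names are hypothetical).
object network WEBSERVER-HTTP
 host 172.16.1.253
 ! "interface" stands in for the OUTSIDE address (200.200.200.2) and
 ! avoids the overlap error raised when the literal address is typed.
 nat (DMZ,OUTSIDE) static interface service tcp www www
object network WEBSERVER-HTTPS
 host 172.16.1.253
 ! TCP 443 on OUTSIDE must not already be used by the ASA itself
 ! (for example ASDM or WebVPN enabled on that interface).
 nat (DMZ,OUTSIDE) static interface service tcp https https
!
! On 8.3+ the ACL matches the real (post-NAT) address of the server.
! Permit only the two published ports, nothing broader.
access-list OUT-TO-DMZ extended permit tcp any host 172.16.1.253 eq www
access-list OUT-TO-DMZ extended permit tcp any host 172.16.1.253 eq https
!
! The ACL has no effect until it is bound to the interface
! (this binding is an assumption; the thread does not show one).
access-group OUT-TO-DMZ in interface OUTSIDE
!
! Verify from exec mode with a constructed outside source address:
!   packet-tracer input OUTSIDE tcp 198.51.100.10 12345 200.200.200.2 80
!   show nat detail
!   show access-list OUT-TO-DMZ
```

In the packet-tracer result, the UN-NAT phase should show 200.200.200.2/80 translated to 172.16.1.253/80 and the ACCESS-LIST phase should match OUT-TO-DMZ; a drop in either phase identifies which part of the configuration is missing.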

Re: ASA Outside to DMZ (HOW TO)?

 

As I could not use the OUTSIDE address, I decided to use another (200.200.200.10). This is what seemed to work:

 

object network WEBSERVER
 host 172.16.1.253
object network WEBSERVER
 nat (DMZ,OUTSIDE) static 200.200.200.10

 

access-list OUT-TO-DMZ extended permit tcp any host 172.16.1.253 eq www

 

However, accessing the address from a web-term appliance still times out. See the packet-tracer output in the attached file.