Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1347
Views
0
Helpful
2
Replies

ASA Outside to DMZ (HOW TO)?

Driftshin
Level 1
Level 1

‎07-30-2020 06:18 AM

Hello. I've done a search for a problem such as mine but haven' been successful.

 

I have three interfaces, Inside, Outside, and DMZ. I have already setup Inside to Outside and Inside to DMZ nat and ACLS. I however cannot get Outside to DMZ working correctly. How do I have the DMZ Web server (80 and 443) IP be translated to the Outside interface IP? My interface configurations are shown below;

 

Outside IP: 200.200.200.2/24 next hope 200.200.200.1

DMZ: 172.16.1.253/24

 

Whenever I try to use the Outside IP in a nat statement, I get the error that the address overlaps with the Outside address.

 

 

 

0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎07-30-2020 11:58 AM

Hi,
Use the keyword "interface" instead of the IP address under the NAT configuration.
0 Helpful

Driftshin
Level 1
Level 1
In response to Rob Ingram

‎07-31-2020 07:06 AM

 

As I could not use the OUTSIDE address, I decided to use another (200.200.200.10). This is what seemed to work;

 

object network WEBSERVER
host 172.16.1.253
object network WEBSERVER
nat (DMZ,OUTSIDE) static 200.200.200.10

 

access-list OUT-TO-DMZ extended permit tcp any host 172.16.1.253 eq www

 

However, accessing the address from a web-term appliance still times out. See the packet-tracer output in the attached file.

 

Preview file
2 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card