Showing results for 
Search instead for 
Did you mean: 

Cisco ASA 5505 8.0(2) DMZ Server issues


I am having some issues getting the dmz server up and running.

I have internet access from inside.

I would like internet access from dmz.

Also outside to dmz.

I have tried adding static routes and configuring the ACL to no avail. I know this is pre-8.3; so I couldn't find any nat examples before the change.

Here is my current config:

: Saved


ASA Version 8.0(2)


hostname ciscoasa

enable password -------- encrypted



interface Vlan1

nameif inside

security-level 100

ip address 100.200.301.1


interface Vlan2

nameif outside

security-level 0

ip address 100.200.300.18


interface Vlan3

no forward interface Vlan1

nameif dmz

security-level 50

ip address


interface Ethernet0/0

switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2

switchport access vlan 3


interface Ethernet0/3


interface Ethernet0/4



interface Ethernet0/5



interface Ethernet0/6



interface Ethernet0/7



passwd -------- encrypted

boot system disk0:/asa803-k8.bin

ftp mode passive

pager lines 24

logging enable

logging buffer-size 30000

logging buffered debugging

mtu inside 1500

mtu outside 1500

mtu dmz 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-602.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 100.200.301.0

route outside 100.200.300.17 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

aaa authentication ssh console LOCAL

http server enable

http 100.200.301.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

no crypto isakmp nat-traversal

telnet timeout 5

ssh 100.200.300.18 outside

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny 

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip 

  inspect xdmcp


service-policy global_policy global

username admin password xxxxxencrypted privilege 15

prompt hostname context


: end

asdm image disk0:/asdm-602.bin

no asdm history enable

1 Reply 1

Frequent Contributor
Frequent Contributor

you need NAT. By default internet access from inside and DMZ will work. Higher security level. Inside to DMZ as well.


Google is your friend

And also upgrade to 8.2.(5). 8.0(2) is very buggie...


Posted by WebUser Erik Boss from Cisco Support Community App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers