Configuring a DMZ zone on ASA 5505

leonnikolaou · ‎11-25-2010

Hi,

The scenario is to connect two networks together through a DMZ zone.

I have a Cisco ASA 5505 firewall with a LAN network of 192.168.0.0/24 and an external IP of 78.x.x.243.

I also have another network for my CCTV cameras with a LAN of 192.168.1.0/24 but without any external IP.

Now what I want is to connect my CCTV network (192.168.1.0) throught DMZ zone in order to be able to access the internet from my ASA firewall.

I would appreciate if you can post any procedure to do that on ASDM.

Thank you very much for your time

Kind Regards

Leon

Federico Coto Fajardo · ‎11-25-2010

Hi,

An ASA 5505 will support a full DMZ interface only if having the Security Plus license (sh ver)

If so.... then you can configure this interface (give it a name, security level, and IP)

Also to allow the communication you might need a NAT rule and ACLs.

If having nat-control you are required to define a NAT rule.

If going to a higher-security interface (inside) you need a static NAT and ACL permitting the traffic.

If going to a lower-security interface (outside) you need global NAT and ACL permitting the traffic (in case there's an ACL).

Federico.

leonnikolaou · ‎11-25-2010

Hi Federico and thank you for your reply.

I have the Security Plus license.

Basically, because I only have one external IP I want my CCTV network (without external IP) to be able access internet through my other network

with the external IP configured on ASA 5505.

So, I will configure the dmz interface with my CCTV inside LAN (192.168.1.0), security level, name etc.

and then I will need to create Dynamic NAT Rule or static NAT rule?

cadet alain · ‎11-25-2010

Hi,

If you want to connect to cctv from outside then static NAT and ACL inbound on outside

don't forget to put security level of dmz less than inside because by default same security level traffic is not permitted through.

Regards.

Don't forget to rate helpful posts.