04-01-2016 06:13 AM - edited 03-12-2019 12:34 AM
Hello Folks!
This is the first time that I'm configuring a DMZ on an ASA. I created an interface with security level 50; my outside is 0 and inside is 100. All interfaces have different IP ranges.
Based on security level, the inside should be able to talk to the DMZ, but it is not working. I included some rules to allow the traffic from one to another, even any any, and a machine from inside can't talk to the DMZ.
When I use Packet Tracer on ASDM to see where the traffic is stopping, it says that it is in the ACL. How is that possible if there is a rule to allow any any on all interfaces?
Another problem: I created a NAT the same as the inside for the DMZ range, but when I set an IP in the same range as the DMZ interface on my machine and change the VLAN on the switch, I can't access the internet.
I saw many sites about DMZ, but almost all of them are old and talk about the 5505, and some commands are different. I know that the DMZ doesn't have to access everything from inside, but first I just want to make sure that the communication is working, and after that add filters.
04-06-2016 11:00 AM
04-06-2016 11:06 AM
Hi Marcio,
This NAT is just for the internet access.
For the
Glad that the internet is working now.
Regards,
Aditya
Please rate helpful posts.