Firewall Issue LYNC

wasiimcisco
Level 1

Hi,

I am facing a problem with my firewall; I don't know whether this is related to DNS, hairpinning, etc.

An iPhone on my internal wireless network is not able to register with the Microsoft Lync Server.

The iPhone needs to access a URL (lyncdiscover.abc.com) which resolves to a public IP (194.x.x.115) located on the inside, and then one more Lync Edge Server public IP address, which is on my DMZ segment.

Lync Discover: 194.x.x.115 (private: 192.168.0.115)
Lync Edge: 194.x.x.224 (private: 172.16.11.224)
Client IP: 192.168.51.45

Firewall configuration:

static (inside,outside) 194.x.x.115 192.168.0.115 netmask 255.255.255.255 dns
static (serverdmz,outside) 194.x.x.224 172.16.11.224 netmask 255.255.255.255
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 194.x.x.66 netmask 255.255.255.255
global (serverdmz) 1 172.16.11.254

I can see the hits on my firewall's inside interface:

99759 192.168.51.45.54923 > 194.x.x.115.443: S 2834413288:2834413288(0) win 65535 <mss 1460,nop,wscale 4,nop,nop,timestamp 750068408 0,sackOK,eol>
2: 18:38:32.441719 192.168.51.45.54923 > 194.x.x.115.443: S 2834413288:2834413288(0) win 65535 <mss 1460,nop,wscale 4,nop,nop,timestamp

I think the firewall is not allowing the internal client IP address to access the servers on their public IP addresses.

External clients from the Internet are able to connect without any issue. Only internal clients are not able to connect. The smartphone cannot connect to Lync through the internal private IP addresses, so we have to configure it for the public IP addresses.

Please assist me with how to configure the firewall in order to allow internal clients to connect to the public IP addresses.

Accepted Solution

Hi Bro

Is everything OK now?

Warm regards,
Ramraj Sivagnanam Sivajanam


13 Replies

Julio Carvajal
VIP Alumni

Hello,

So internal iPhone users need to be able to connect to 194.x.x.115, which belongs to an internal server.

! allow a flow to enter and leave the same interface (hairpin)
same-security-traffic permit intra-interface
! PAT the inside client's source to the inside interface address so the return traffic comes back through the ASA
global (inside) 1 interface
! inside-to-inside static so inside clients can reach the server on its public IP
static (inside,inside) 194.x.x.115 192.168.0.115 netmask 255.255.255.255

Regards,

Julio

CSC is a free support community, please rate all the helpful posts.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

Yes, internal phones should connect to the public IP address.

What should I do to get connectivity with the DMZ server on the public IP address?

Do I need to keep the below command as well?

static (inside,outside) 194.x.x.115 192.168.0.115 netmask 255.255.255.255 dns

Do I need to add more configuration for the public Lync Server (194.x.x.224) as well?

Please assist.

Hello,

You need to keep that command so outside users can access that server.

CSC is a free support community, please rate all the helpful posts.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi

Please let me know what config is required in order to access the DMZ servers on their public IP address from the internal clients.

Sent from Cisco Technical Support iPhone App

Ok so now internal users can access the server using the Public IP address. That is good!

Now let's make the second one happen:

! the DMZ interface is named serverdmz in the original configuration
static (inside,serverdmz) 194.x.x.115 192.168.0.115 netmask 255.255.255.255
access-list dmz permit ip any any
access-group dmz in interface serverdmz

Regards,

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Hi,

I want to access the DMZ servers' public IP address from the inside network.

DMZ private IP address: 172.16.11.224
DMZ public IP address: 194.x.x.224

Whenever a client from the internal LAN requests LYNCEDGE.ABC.COM (194.x.x.224), it should reach the DMZ server on the public IP address.

Please assist

Hi Bro

What you need to enable is DNS Doctoring on your Cisco ASA firewall. This will resolve your issue of accessing servers that are internal to your network via their public IP address. I'm assuming everything else is good, e.g. ACL, NAT, etc.

Please kindly refer to this URL for further details. http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968c8.shtml

P.S.: If you think this comment was helpful, please do rate it nicely :-)

Warm regards,
Ramraj Sivagnanam Sivajanam
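What the `dns` keyword on a `static` actually does, as an added example that is not part of the thread and not Cisco's code: the Python below models the ASA's DNS rewrite (DNS doctoring) on a constructed DNS reply, using the two statics from this thread (the documentation addresses 203.0.113.115 and 203.0.113.224 stand in for the masked 194.x.x.115 and 194.x.x.224; `Static`, `STATICS`, `build_dns_reply` and `rewrite_dns_reply` are names chosen here). It shows the two cases that matter for the original question. A reply that crosses the firewall from outside toward an inside client has the public address of any `dns`-tagged static rewritten to the real address, so the iPhone connects straight to 172.16.11.224 and needs no hairpin; that works even though the static is between serverdmz and outside, because the match is on the interface the reply arrives on. A reply that never crosses the firewall (an internal DNS server answering an internal client) is never inspected, so nothing is rewritten and the client keeps trying the public address, which is consistent with the capture in the opening post. Two caveats the thread leaves implicit: the rewrite only happens when DNS inspection is enabled (`inspect dns` in the global policy, which is on by default), and only A-record rdata is changed, so a CNAME chain passes through untouched.

```python
"""Model of the ASA 8.2 ``static ... dns`` rewrite (DNS doctoring) on a DNS reply.
Added example, not configuration or code from the thread or from Cisco; 203.0.113.115
and 203.0.113.224 stand in for the masked public IPs 194.x.x.115 and 194.x.x.224."""
import socket
import struct
from dataclasses import dataclass

A_RECORD = 1
CNAME_RECORD = 5


@dataclass(frozen=True)
class Static:
    """One ``static (real_ifc,mapped_ifc) mapped_ip real_ip [dns]`` line."""
    real_ifc: str
    mapped_ifc: str
    mapped_ip: str
    real_ip: str
    dns: bool = False


# Assumption: the two statics from the thread, both carrying the dns keyword.
STATICS = [
    Static("inside", "outside", "203.0.113.115", "192.168.0.115", dns=True),
    Static("serverdmz", "outside", "203.0.113.224", "172.16.11.224", dns=True),
]


def encode_name(name):
    """DNS wire-format name: length-prefixed labels ending in a zero byte."""
    labels = [bytes([len(lab)]) + lab.encode("ascii") for lab in name.rstrip(".").split(".")]
    return b"".join(labels) + b"\x00"


def skip_name(pkt, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # two-byte pointer terminates the name
            return off + 2
        off += 1 + length


def build_dns_reply(qname, answers):
    """Constructed reply: one A question, answers given as (type, rdata) pairs."""
    pkt = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0))
    pkt += encode_name(qname) + struct.pack("!HH", A_RECORD, 1)
    for rtype, rdata in answers:
        pkt += b"\xc0\x0c"             # owner name = pointer to the question name
        pkt += struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return bytes(pkt)


def a_record_offsets(pkt):
    """Yield the offset of each 4-byte A-record rdata in the answer section."""
    qdcount, ancount = struct.unpack_from("!HH", pkt, 4)
    off = 12
    for _ in range(qdcount):
        off = skip_name(pkt, off) + 4  # QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        off += 10
        if rtype == A_RECORD and rdlen == 4:
            yield off
        off += rdlen


def a_records(pkt):
    """Dotted-quad addresses of the A records in a reply."""
    return [socket.inet_ntoa(bytes(pkt[o:o + 4])) for o in a_record_offsets(pkt)]


def doctor(addr, ingress, egress, statics):
    """The two rewrites the ASA performs for a static that carries ``dns``."""
    for s in statics:
        # Reply enters on the mapped (public) side with the mapped address, client elsewhere: public -> real.
        if s.dns and ingress == s.mapped_ifc and egress != s.mapped_ifc and addr == s.mapped_ip:
            return s.real_ip
        # Reply enters on the real side with the real address, client on the mapped side: real -> public.
        if s.dns and ingress == s.real_ifc and egress == s.mapped_ifc and addr == s.real_ip:
            return s.mapped_ip
    return None


def rewrite_dns_reply(pkt, ingress, egress, statics=STATICS):
    """Rewrite A-record rdata in place (same length); CNAME and other records are untouched."""
    out = bytearray(pkt)
    rewrites = []
    for off in a_record_offsets(out):
        addr = socket.inet_ntoa(bytes(out[off:off + 4]))
        new = doctor(addr, ingress, egress, statics)
        if new is not None:
            out[off:off + 4] = socket.inet_aton(new)
            rewrites.append((addr, new))
    return bytes(out), rewrites
```

Calling `rewrite_dns_reply(reply, "outside", "inside")` on a reply for lyncedge.abc.com returns the packet with 172.16.11.224 in place of the public address; calling it with `"inside", "inside"` returns the reply unchanged, which is exactly the situation where a hairpin `static (inside,inside)` or a split-DNS zone is needed instead.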

Hi,

Thanks for the reply. I will apply the configuration below.

! outbound from the Lync Edge server in the DMZ
access-list acl-serverdmz extended permit tcp host 172.16.11.224 any range 50000 59999
access-list acl-serverdmz extended permit udp host 172.16.11.224 any range 50000 59999
access-list acl-serverdmz extended permit udp host 172.16.11.224 any eq 3478
access-list acl-serverdmz extended permit tcp host 172.16.11.224 any eq https
access-list acl-serverdmz extended permit tcp host 172.16.11.224 any eq 5061
access-list acl-serverdmz extended permit udp host 172.16.11.224 any eq domain
access-list acl-serverdmz extended permit tcp host 172.16.11.224 any eq www

! inbound from the Internet to the Lync Edge public IP
access-list acl-out extended permit tcp any host 194.x.x.224 range 50000 59999
access-list acl-out extended permit udp any host 194.x.x.224 range 50000 59999
access-list acl-out extended permit udp any host 194.x.x.224 eq 3478
access-list acl-out extended permit tcp any host 194.x.x.224 eq https
access-list acl-out extended permit tcp any host 194.x.x.224 eq 5061

access-list acl-in extended permit ip host 192.168.51.45 any

! aclnat_serverdmz is referenced here but its definition is not included in this post
nat (inside) 6 access-list aclnat_serverdmz
nat (inside) 1 0.0.0.0 0.0.0.0
nat (serverdmz) 1 172.16.11.0 255.255.255.0
global (outside) 1 194.x.x.66 netmask 255.255.255.255
global (inside) 1 interface
global (serverdmz) 1 172.16.11.254
global (serverdmz) 6 interface

I want my internal client 192.168.51.45 to be able to access the DMZ servers on their public IP addresses.

Let me know if I am missing something.

Hi Bro

I don't see any DNS Doctoring statements in there.

Warm regards,
Ramraj Sivagnanam Sivajanam

wasiimcisco
Level 1

Hi,

Sorry, I missed the command.

static (serverdmz,outside) 194.x.x.224 172.16.11.224 netmask 255.255.255.255 dns

Hi Bro

Is everything OK now?

Warm regards,
Ramraj Sivagnanam Sivajanam

Hi

I will try tomorrow and let you know the status.

Sent from Cisco Technical Support iPhone App

wasiimcisco
Level 1

It is working, thanks.

Sent from Cisco Technical Support iPhone App
