Re: Help on NATing from inside to dmz on ASA 8.3

neillix702 · ‎05-17-2011

Hi,

Need some help on Nat config on ASA 8.3 from Inside to DMZ. I have a DMZ server with the IP address of 192.168.2.5. My inside IP is 172.16.128.x/24. I want to able to communicate or talk to server on the DMZ 192.168.2.5. can you please help with in configuring this?

thanks

Jennifer Halim · ‎05-17-2011

To allow the inside host to communicate with the server at DMZ, you can configure the following NAT:

object network obj-192.168.2.5

host 192.168.2.5

object network obj-172.16.128.0-24

subnet 172.16.128.0 255.255.255.0

nat (inside,dmz) source static obj-172.16.128.0-24 obj-172.16.128.0-24 destination static obj-192.168.2.5 obj-192.168.2.5

If you want to communicate with the whole DMZ subnet, just change the obj-192.168.2.5 from host object to subnet object.

If you have access-list applied to the inside interface that restrict the traffic, you would also need to allow traffic to the dmz through. Otherwise, you should be able to access the dmz server with the above NAT statement.

Hope that helps.

neillix702 · ‎05-18-2011

Yes thank you.

Jennifer Halim · ‎05-20-2011

Just wondering if all is good? does that help resolve the issue?

neillix702 · ‎05-24-2011

yes thanks for your help and support. that was a quick response

On Fri, May 20, 2011 at 6:06 PM, halijenn <