Help with DMZ server accessing Inside network

jasongring
Level 1

I have an ASA 5520, and I'm trying to set up a Mitel Border Gateway. I have successfully NAT'd an outside address to its IP on the DMZ, which allows traffic in from outside; however, I cannot get the proper translation/ACL working for it to also be allowed inside to access the DNS server as well as the Mitel server on the inside network.

Essentially, I need the Border Gateway IP 172.16.1.2 255.255.0.0 to be able to go from the DMZ to the inside LAN and access the DMZ server 10.1.2.100 and the Mitel server 192.168.1.12.

1 Accepted Solution

Hi,

You can use your static NAT to achieve it in two ways, as explained here: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807968d1.shtml

Regards.

Alain.

Don't forget to rate helpful posts.

5 Replies

Kureli Sankar
Cisco Employee

I am confused. I am not sure which is DMZ ip and which is INSIDE ip.

Anyway, you need

static (inside,dmz) x.x.x.x x.x.x.x

replace x.x.x.x with the inside ip address. Let us know if it works.

-KS
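
The identity static suggested above, filled in with the addresses from this thread and paired with a least-privilege ACL on the DMZ interface. This is an added example, not part of any post. It assumes pre-8.3 `static` syntax (as used in the reply), a DMZ interface named `dmz`, a hypothetical ACL name `dmz_in`, that the ASA already has routes to 10.1.2.0 and 192.168.1.0 through the inside switch, and that the earlier statics mapping these hosts to 172.16.1.100 and 172.16.1.101 have been removed.

```cisco
! Added example; addresses are the ones quoted in the thread.
! Identity statics: the inside hosts appear on the DMZ under their real
! addresses, so the FQDN returned by the corporate DNS server is reachable
! from the Border Gateway without a DMZ-side mapped address.
static (inside,dmz) 192.168.1.12 192.168.1.12 netmask 255.255.255.255
static (inside,dmz) 10.1.2.100 10.1.2.100 netmask 255.255.255.255

! Translation alone does not permit DMZ-to-inside traffic (lower to higher
! security level); an inbound ACL on the DMZ interface must allow it.
! Only the Border Gateway (172.16.1.2) is permitted, and only to the two hosts.
! "dmz_in" is a hypothetical ACL name.
access-list dmz_in extended permit udp host 172.16.1.2 host 10.1.2.100 eq domain
access-list dmz_in extended permit tcp host 172.16.1.2 host 10.1.2.100 eq domain
access-list dmz_in extended permit ip host 172.16.1.2 host 192.168.1.12

! If an ACL is already bound inbound on the DMZ interface, add the entries
! above to that ACL instead of binding a new one.
access-group dmz_in in interface dmz

! Verification after the gateway generates traffic:
! show xlate
! show access-list dmz_in
```

Once an ACL is bound inbound on the DMZ interface, everything not listed is dropped by the implicit deny, so any other traffic the Border Gateway originates (for example toward the outside) needs its own permit entry.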

prashantrecon
Level 1

Could you please explain the scenario in detail?

The Mitel Border Gateway has a DMZ IP of 172.16.1.2; its default gateway is 172.16.1.1, which is the DMZ interface of the ASA 5520. This device needs full IP access to the Mitel server on the inside (192.168.1.12), and it wants to use the corporate DNS server to resolve this Mitel server (10.1.2.100). The Mitel server sits on the voice network and the DMZ on the LAN, both of which are on the inside interface of the ASA. The switch handles the inter-VLAN routing. There is an entry on the Border Gateway to enter the FQDN of the Mitel server on the inside. I have set up NAT'd addresses for the DNS server and the Mitel server in the DMZ: 172.16.1.100 for the DNS and 101 for the internal Mitel server (MAS). If I input DNS as the NAT'd address of our DNS server, it can answer DNS requests, but the IP it returns for the MAS is its internal address, so even though it resolves, it doesn't work. If I input the MAS IP instead of the FQDN of the MAS for DNZ, the traffic flows OK. The issue is there is a Java web app that runs and pulls the FQDN of the MAS from the Border Gateway. Since this is now a DMZ IP, it won't resolve from outside.

So basically I'm asking how I can let the Border Gateway in the DMZ access the MAS server on the inside without NATting the MAS to the DMZ, so that I can enter the MAS server's FQDN in the Border Gateway?

Alain, thanks, I'll look into this. I was thinking there was a way to allow the Border Gateway access to the internal LAN, but if this works I'll be happy.
