
I need DMZ access to the Internet and to see the inside on ASA 5520

Hi everyone.

I am new to ASA. I have the DMZ (10.1.1.0/24) configured on an ASA 5520 and I can reach the Internet from the DMZ (10.1.1.0/24), but now I need to reach the DMZ from inside (172.16.12.0/24) and inside (172.16.12.0/24) from the DMZ (10.1.1.0/24), in other words, round trip.

The show run is attached.

I tried the following links, but they don't work.

https://supportforums.cisco.com/thread/2018253

https://supportforums.cisco.com/thread/2045888

Thanks for helping me!

BR

6 Replies

Marvin Rhoads
Hall of Fame

Since the DMZ is a lower security level than inside, you must create and apply an access-list to allow DMZ-originated traffic to access inside addresses.

Something like:

access-list DMZ_IN extended permit

access-group DMZ_IN in interface DMZ

Inside to DMZ will automatically work (unless you start ACLing, in which case an implicit deny will be added at the end).

If you're new to the ASA, I recommend you use ASDM to create your changes. Set it to preview commands and look at what it generates to understand the CLI.
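
An added example, not part of the reply above or of the poster's configuration: one way to fill in the DMZ_IN access list using the subnets from the question, ordered so that the implicit deny at the end of an applied ACL does not cut off the DMZ's existing Internet access. TCP/443 and the host addresses in the packet-tracer checks are assumptions, and NAT is not covered because the attached show run is not reproduced here.

```cisco
! Constructed example: service port and host addresses are assumptions.
! 1. Allow only the service the DMZ hosts need on the inside network.
access-list DMZ_IN extended permit tcp 10.1.1.0 255.255.255.0 172.16.12.0 255.255.255.0 eq 443
! 2. Block every other DMZ-to-inside flow explicitly, before the broad permit below.
access-list DMZ_IN extended deny ip 10.1.1.0 255.255.255.0 172.16.12.0 255.255.255.0
! 3. Keep DMZ-to-Internet working; without it the implicit deny drops that traffic.
access-list DMZ_IN extended permit ip 10.1.1.0 255.255.255.0 any
! Bind the list to traffic entering the DMZ interface.
access-group DMZ_IN in interface DMZ

! Verify from privileged EXEC: hit counts per entry, then two simulated flows.
show access-list DMZ_IN
packet-tracer input DMZ tcp 10.1.1.10 12345 172.16.12.10 443
packet-tracer input DMZ tcp 10.1.1.10 12345 172.16.12.10 22
```

The first trace should end in allow and the second in drop at the access-list phase, provided routing and NAT between the two networks are already correct.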