03-27-2008 08:34 AM - edited 03-11-2019 05:23 AM
Hi I am a beginner of ASA (8.0). I setup a ASA for device upgrade. I want to set up servers in DMZ. Unfortunately, I found that I can't access Server (in DMZ) from inside interface, for example, web access or ping test
I am checking it for long time and add the following commands but the problem is still exist.
#access-list DMZ_access_in extended permit ip 192.168.89.0 255.255.255.0 192.168.88.0 255.255.255.0
#access-group DMZ_access_in in interface DMZ
static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0
Anyone give me a help??
I attach my config
03-27-2008 08:43 AM
03-27-2008 09:50 AM
This should do the trick
access-list DMZ_access_in extended permit icmp 192.168.89.0 255.255.255.0 192.168.88.0 255.255.255.0
access-group DMZ_access_in in interface DMZ
static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0
You don't need to permit ip in the acl for traffic originating from the inside.
03-27-2008 09:49 AM
I do not see the static in the config that you sent, but the one in your post has the wrong ip's.
Should be static (inside,DMZ) 192.168.88.0 192.168.89.0 netmask 255.255.255.0
03-27-2008 09:51 AM
static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0
will work fine.
03-30-2008 07:18 AM
Thank you all of you. I fix the issue according the recommentation
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide