08-10-2015 01:02 PM - edited 03-11-2019 11:24 PM
I'm trying to get traffic to pass correctly between two interfaces on our ASA 5512 - the "inside" (192.168.1.X) interface and the "DMZ" (192.168.100.X) interface.
Using the packet tracer I find that I can easily send packets between a source IP of 192.168.1.89 (a PC) and a destination IP of 192.168.100.5 (a switch in the DMZ). However, when I attempt to send packets between a source IP of 192.168.1.89 (a PC) and a destination IP of 192.168.100.10 (a server), the packet tracer shows them going to the "outside" interface rather than the "DMZ" interface.
The server at 192.168.100.10 is NATed to the outside interface and I assume that is what is causing the problem.
Assuming that's correct (and I hate to assume anything), here is some information related to the NAT configuration (as retrieved using ASDM):
When in production, the outside interface will only need to allow UDP traffic on a single, particular port. It would be nice if I could get traffic related to the server in question to pass between the inside and DMZ interfaces (to simplify management of said server).
I'll gladly accept any suggestions. While I'm not especially gifted at using the CLI, I can manage with a little guidance.
ASA software version: 9.1(3)2
Device manager version: 7.1(4)
Thanks in advance.
08-10-2015 01:41 PM
Set the interfaces in the NAT-settings to the right interfaces. With that, it should work.
08-24-2015 07:12 AM
Try clicking the checkbox for "Lookup route table to locate egress interface" under the NAT statement. This will force the firewall to do a regular route lookup instead of relying on the NAT statement for traffic forwarding.
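Both suggestions applied to the server's object NAT rule in CLI form, as an added configuration example that is not the poster's or either replier's config. The interface names inside/DMZ/outside and the server address 192.168.100.10 come from the question; the object name DMZ-SERVER, the mapped public address 203.0.113.10 and the port 22 used in the verification are placeholders, and the example assumes the ASA release accepts the route-lookup keyword on this rule form, as the second reply implies.

```cisco
! Added example (not from the thread). Placeholders: object name, 203.0.113.10, port 22.
object network DMZ-SERVER
 host 192.168.100.10
 ! Reply 1: bind the static NAT to the interface the server really sits on (DMZ),
 ! not "any", so the rule is only consulted for DMZ <-> outside traffic.
 ! Reply 2: route-lookup is the CLI form of ASDM's "Lookup route table to locate
 ! egress interface"; the egress interface then comes from the routing table.
 nat (DMZ,outside) static 203.0.113.10 route-lookup

! Verify from the inside PC: the trace should now show egress via DMZ with no
! translation applied, instead of leaving through outside.
packet-tracer input inside tcp 192.168.1.89 12345 192.168.100.10 22
show nat detail
```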