08-14-2008 02:18 PM - edited 03-09-2019 09:17 PM
Hi,
I have ASA 5510 and would like to seek help in configuring basics..
Allowing traffic from inside to outside
Allowing traffic from outside to inside
allowing traffic from DMZ to outside
Allowing traffic from DMZ to inside
Allowing traffic from inside to DMZ
---------Config ---------------
ASA Version 7.0(7)
!
hostname ASA-Q8
domain-name Q8.COM
enable password xxx
names
dns-guard
!
interface GigabitEthernet0/0
nameif Outside
security-level 0
ip address 188.170.90.1 255.255.255.248
!
interface GigabitEthernet0/1
nameif INSIDE
security-level 100
ip address 192.168.1.1 255.255.255.252
!
interface GigabitEthernet0/2
nameif DMZ
security-level 50
ip address 10.10.10.1 255.255.255.0
08-14-2008 03:28 PM
Hello Amin
For a more stable suggestion, I should see your entire config (or at least nat and static statements).
But something like the following should work for you
global (outside) 1 interface
nat (DMZ) 1 0 0
access-list dmz_access_in permit ip alloweddmzips alloweddmznetmask insidehostornetwork insidehostornetworknetmask
access-group dmz_access_in in interface DMZ
if you want to nat DMZ traffic to inside interface when traffic wants to reach inside, use the following
global (inside) 1 interface
If you dont want to have NAT between DMZ and inside, use the following
static (inside,dmz) 10.10.10.0 10.10.10.0 netmask 255.255.255.0
Regards
08-18-2008 11:32 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide