08-07-2009 12:28 AM - edited 03-09-2019 10:30 PM
Hi,
Recently we purchased ASA 5510 and need your help to understand why from inside I am not able to see DMZ Server and outside. Physical connectivity is OK, reachability from ASA to DMZ is OK.
Traffic is going to internet from ASA
Is the ACL correct as per my need?
outside to DMZ need ports 1080,1081,6588,80,3128
DMZ to outside need ports smtp,5512,dns udp and tcp.
Inside to DMZ, local server 192.168.1.55 should only communicate to DMZ Server
Can I get help?
I have plugged the configuration
08-07-2009 06:13 AM
I see a couple of things to fix. In the DMZ ACL you are permitting the traffic you want to allow from the outside, but it is applied inbound to the DMZ interface. It should be applied to the outside interface. Same for the OUTSIDE ACL. I would rename them to make more sense; outside2dmz or outside_dmz. Second, you're missing NAT for traffic to get to the internet for both the inside and the DMZ. You're also missing NAT for DMZ to inside (if you require it). If you need help with configuring NAT, just shout.
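An added example, not part of the thread or of the poster's attached configuration, showing the port requirements from the first post as ACLs bound inbound on the interface where each flow enters. It uses pre-8.3 ASA syntax to match the `global`/`nat` commands in this thread. Assumptions: the DMZ server addresses are constructed placeholders, port 5512 is taken to be TCP, and the `static` line is one way to publish the server.

```cisco
! Added example. Constructed placeholders:
!   10.100.200.10 = real address of the DMZ server
!   203.0.113.10  = its public (translated) address on OUTSIDE

! Assumption: publish the DMZ server to the outside with a one-to-one static
static (DMZ,OUTSIDE) 203.0.113.10 10.100.200.10 netmask 255.255.255.255

! Outside -> DMZ server. Traffic enters on OUTSIDE, so the ACL is bound there.
! Pre-8.3 software matches the translated address in this ACL.
access-list outside_dmz extended permit tcp any host 203.0.113.10 eq 80
access-list outside_dmz extended permit tcp any host 203.0.113.10 eq 1080
access-list outside_dmz extended permit tcp any host 203.0.113.10 eq 1081
access-list outside_dmz extended permit tcp any host 203.0.113.10 eq 3128
access-list outside_dmz extended permit tcp any host 203.0.113.10 eq 6588
access-group outside_dmz in interface OUTSIDE

! DMZ -> outside. Traffic enters on DMZ, so this ACL is bound to DMZ.
access-list dmz_out extended permit tcp host 10.100.200.10 any eq smtp
! Assumption: 5512 is TCP (the post does not say)
access-list dmz_out extended permit tcp host 10.100.200.10 any eq 5512
access-list dmz_out extended permit udp host 10.100.200.10 any eq domain
access-list dmz_out extended permit tcp host 10.100.200.10 any eq domain
access-group dmz_out in interface DMZ

! Inside -> DMZ: only 192.168.1.55 may talk to the DMZ server.
access-list inside_in extended permit ip host 192.168.1.55 host 10.100.200.10
access-list inside_in extended deny ip any 10.100.200.0 255.255.255.0
! Binding an ACL to INSIDE adds an implicit deny at the end, so outbound
! traffic must be permitted explicitly. Constructed placeholder rule:
! replace it with the inside-to-outside policy you actually want.
access-list inside_in extended permit ip 192.168.1.0 255.255.255.0 any
access-group inside_in in interface INSIDE
```

Return traffic for permitted connections is allowed statefully, so no mirror-image entries are needed on the opposite interface. `show access-list` displays per-entry hit counts, which confirms whether traffic is matching the entry you expect.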
08-07-2009 08:15 AM
Hi Clark,
ACL Outside is restricting traffic coming from Inside.
ACL DMZ is allowing traffic going out (Inside)
ACL INSIDE is restricting traffic going out (DMZ or Internet), which was removed as others were not working.
Can I get help on missing config and NAT?
08-07-2009 12:46 PM
To NAT from DMZ and INSIDE to OUTSIDE
global (OUTSIDE) 1 interface
!--- This will use the OUTSIDE IP as PAT
nat (INSIDE) 1 192.168.1.0 255.255.255.0
!--- This is who should be NAT'd
nat (DMZ) 1 10.100.200.0 255.255.255.0
!--- This is who should be NAT'd
You don't need NAT from INSIDE to DMZ.
08-07-2009 10:30 PM
Thanks
I got this clear.
Is the ACL OK?
Is PAT required if -
We have Squid (Proxy) on inside network which should only send http traffic outside on internal user behalf.
allow IPSEC for Cisco Client VPN Traffic from inside to outside
Rest all other traffic should be blocked from inside to outside.