Allow Access from DMZ to Inside

junshah22
Level 1

Please find attached the configuration of my ASA. I am trying to give access to TCP ports 50,000 to 60,000 from the DMZ to the Inside interface.

I am using default security levels with no nat.

Please advise.

2 Replies

Bryan Lee
Level 1

Junaid,

For Internet access from the DMZ, use the command below:

nat (dmz) 1 192.168.1.0 255.255.255.0

For DMZ to inside, you will have to configure an identity NAT and an ACL on the DMZ interface to allow traffic from the DMZ to inside.

For example, if you want to access the 192.168.20.20 machine from the DMZ zone, use the commands below:

static (inside,dmz) 192.168.20.20 192.168.20.20 netmask 255.255.255.255

and the ACL:

access-list dmz extended permit ip any host 192.168.20.20

access-group dmz in interface dmz

This will allow you to reach the inside network host from the DMZ zone.

Second, if you want to access the DMZ network from inside:

global (dmz) 1 192.168.1.200-192.168.1.225 (ip pool from DMZ subnet)

This will allow you to reach the DMZ network from inside.

Thanks,

Amod

Hi,

You need to add the below static NAT in order to get that DMZ to Inside.

Make sure to use the below statement with your real IP range.

static (inside,dmz) 192.168.1.0 192.168.20.0 netmask 255.255.255.255

Please rate the helpful posts.
Regards,
Naidu.