03-08-2011 01:20 AM - edited 03-04-2019 11:40 AM
Please find attached the configuration of my ASA. I am trying to give access to TCP ports 50,000 to 60,000 from the DMZ to the Inside interface.
I am using default security levels with no nat.
Please advise
03-08-2011 01:54 AM
Junaid,
For Internet access from the DMZ, use the command below:
nat (dmz) 1 192.168.1.0 255.255.255.0
For DMZ to inside, you will have to configure an identity NAT and an ACL on the DMZ interface to allow traffic from the DMZ to inside.
For example, if you want to access the 192.168.20.20 machine from the DMZ zone, use the commands below:
static (inside,dmz) 192.168.20.20 192.168.20.20 netmask 255.255.255.255
and the ACL:
access-list dmz extended permit ip any host 192.168.20.20
access-group dmz in interface dmz
This will allow you to reach the inside network host from the DMZ zone.
Second, if you want to access the DMZ network from Inside:
global (dmz) 1 192.168.1.200-192.168.1.225 (ip pool from DMZ subnet)
This will allow you to reach dmz network from inside.
Thanks,
Amod
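The ACL in the reply above permits all IP traffic to the inside host, while the question asks only for TCP ports 50,000 to 60,000. A narrower version follows as an added example, not part of either post or of the attached configuration; the inside subnet 192.168.20.0/24 and the test source 192.168.1.10 are assumptions, and the other addresses are the ones used in the reply.

```cisco
! Constructed example in pre-8.3 ASA syntax, matching the commands in the thread.
! Identity static: the inside host is reachable from the DMZ under its real address.
static (inside,dmz) 192.168.20.20 192.168.20.20 netmask 255.255.255.255
!
! Broad form from the reply (every protocol and port, any source), shown for comparison:
! access-list dmz extended permit ip any host 192.168.20.20
!
! Narrowed form: only TCP 50000-60000, only from the DMZ subnet, only to that host.
access-list dmz extended permit tcp 192.168.1.0 255.255.255.0 host 192.168.20.20 range 50000 60000
!
! Explicitly deny all other DMZ traffic toward the inside subnet (assumed 192.168.20.0/24).
access-list dmz extended deny ip any 192.168.20.0 255.255.255.0
!
! Once an ACL is bound inbound on the dmz interface, the implicit permit toward
! lower-security interfaces no longer applies, so Internet-bound traffic from the
! DMZ has to be permitted explicitly or it hits the implicit deny at the end.
access-list dmz extended permit ip 192.168.1.0 255.255.255.0 any
!
access-group dmz in interface dmz
!
! Verification from privileged EXEC (192.168.1.10 is a constructed DMZ source address):
!   show access-list dmz
!   packet-tracer input dmz tcp 192.168.1.10 12345 192.168.20.20 50000   (expected: allow)
!   packet-tracer input dmz tcp 192.168.1.10 12345 192.168.20.20 3389    (expected: drop by ACL)
```

The hit counters in `show access-list dmz` show which entry each flow matched, which helps confirm the deny line is catching anything outside the intended port range.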
03-08-2011 03:00 AM
Hi,
You need to add the below static NAT in order to get that DMZ to Inside.
Make sure to use the below statement with your real IP range.
static (inside,dmz) 192.168.1.0 192.168.20.0 netmask 255.255.255.255
Please rate the helpful posts.
Regards,
Naidu.