I know there are loads of discussions about giving access to the DMZ from the inside network.
I got this to work, but there were some side effects...
Say my inside network is 192.168.2.0
DMZ is 10.10.1.x
It's on an ASA 5510, which is not the default gateway on the network; I put an IP route on my Windows machine to route traffic for the DMZ to my ASA.
I added a rule (see attached screenshot, rule 18).
I could then access the DMZ. I thought, yay, great, but that's when everything went wrong.
The vMotion network on my VM setup went down,
I lost access to a web service that was routed over the ASA (rule 17); I don't know if that was a VM issue or a Cisco issue.
I had to take the rule out and everything came back (thankfully all was completed out of hours, so no major impact).
Does anyone have any idea what happened to cause this cluster f**k?
Gonna have to dig into this a bit to get you a solid answer. I have some clarifying questions:
- Why did you put the route on your Windows box instead of using the L3 network device that is your default gateway?
- Do your DMZ hosts use the ASA as the default gateway?
- The web service that's routed through the ASA... I see rule 17 showing NAT from inside --> DMZ (assumption). You're wondering if that went down due to vMotion failure or due to Cisco failure?
- The rule that you took out that brought everything back, was that rule 18?
**Please remember to rate helpful posts as well as mark the question as 'answered' once your issue is resolved. This will help others to find your solution faster.**
Thanks for the response.
I was working remotely and just didn't want to edit the primary gateway; if I got it working without issue I would have added a route for the DMZ network when I got back into the office.
The only thing I can think of is that the network switch setup has the "VM network / DMZ / Management" networks shared over the same two NICs, and changing the NAT caused the issue.
See the other screenshot attached (sorry, I know this is a Cisco forum, but just putting this out there).