Zone Based Firewall access to DMZ from inside with NAT resolving to outside IP

Rich Bibby
Level 1

Hi,

I have an ISR 4321 with a DMZ for a web server. I NAT the public IP to the DMZ IP, and the ZBFW takes care of access from both the outside and inside zones to the dmz zone. The issue is that the local DNS server resolves the hostname of the web service to the public IP address, and when a client on the local LAN (zone inside) tries to hit the web server it fails to connect.

Debugging with a conditional ACL shows that traffic from the LAN to the public IP is coming in and back out of the same 'inside' interface and results in a 'DROP 53 (ForUs)'.

How can I allow this traffic?

Thanks
