Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
258
Views
0
Helpful
1
Replies

Route to DMZ on ASA help from diagram?

Paradera72
Level 1
Level 1

‎02-11-2014 07:46 PM - edited ‎03-07-2019 06:08 PM

I am trying to figure out how to get a workstation on the 192.168.5.0 network to a Web server on the DMZ.
The gateway for the client is 192.168.5.2 The default route is 0.0.0.0 0.0.0.0 192.168.3.1
I've tried adding another route 192.168.2.0 255.255.255.0 192.168.3.1, but it's not working.
The client gets out to the Internet, can ping 192.168.3.1, but not reach the DMZ There is a static route defined on the ASA back to the clients subnet - 192.168.5.0 255.255.255.0 192.168.3.2

Previously routing was done on the ASA, but now this is no longer an option


Sent from Cisco Technical Support Android App

Labels:
Preview file
21 KB
0 Helpful
1 Reply 1

cadet alain
VIP Alumni
VIP Alumni

‎02-12-2014 12:54 AM

Hi,

You must  NAT from inside to DMZ or do static identity NAT for inside to DMZ.

Which version of OS is running on the ASA ?

if version <8.3 then you can do static identity NAT like this:

nat(inside,DMZ) 192.168.3.0 192.168.3.0 netmask 255.255.255.0

if version > 8.3

object network INSIDE

subnet 192.168.5.0

object network DMZ

subnet 192.168.2.0

nat(inside,DMZ) source static INSIDE INSIDE  destination static DMZ DMZ

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card