
Allow internal IP to access DMZ host

locp
Level 1

Hello,

  Currently, we allow a /24 into our DMZ as follows:

...

access-group dmz_access_in in interface dmz

route outside 0.0.0.0 0.0.0.0 a.b.c.d 1

route inside x.y.z.0 255.255.255.0 1.2.3.4 1   <----- Extended x.y.z.0

...

Now, if we need to extend the /24 to a bigger scope (a range of 15 class C networks): can I just reuse the static route, or should I use an ACL to allow traffic? Any potential gotcha?

TIA,

Loc

This is on an ASA5585.

1 Reply

Hi,

You need both: adjust the ACL and add the updated route to reach the new network.

Do both interfaces share the same security-level?

Keep me posted.

Thanks.

Portu.

Please rate any post you find useful.
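
Added example (not part of the original posts): when a /24 grows to 15 class C networks, a single summarized entry covers 16, so the route and the ACL would both admit one network nobody asked for. The Python sketch below computes the exact prefixes and the over-covered remainder; the 10.20.x.0 range is a constructed stand-in for the masked x.y.z.0 addresses and is assumed to be contiguous.

```python
import ipaddress

# Constructed sample: 15 contiguous /24s standing in for the thread's masked range.
INSIDE_NETS = [ipaddress.ip_network(f"10.20.{i}.0/24") for i in range(15)]
NEXT_HOP = "1.2.3.4"  # inside next hop as written in the question


def exact_summary(nets):
    """Fewest prefixes that cover the given networks and nothing else."""
    return list(ipaddress.collapse_addresses(nets))


def single_supernet(nets):
    """Smallest single prefix that contains every given network."""
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def over_permitted(nets, supernet):
    """/24s a supernet entry would also route and permit, though never requested."""
    wanted = set(nets)
    return [s for s in supernet.subnets(new_prefix=24) if s not in wanted]


def route_lines(prefixes, next_hop=NEXT_HOP):
    """Static routes in the form used in the question's config."""
    return [f"route inside {p.network_address} {p.netmask} {next_hop} 1"
            for p in prefixes]


if __name__ == "__main__":
    exact = exact_summary(INSIDE_NETS)
    wide = single_supernet(INSIDE_NETS)
    print("Exact prefixes (use the same ones as ACL sources):")
    print("\n".join(route_lines(exact)))
    print(f"\nOne {wide} entry would also cover:",
          ", ".join(map(str, over_permitted(INSIDE_NETS, wide))))
```

Keeping the ACL sources identical to the routed prefixes means a later review can compare the two lists line by line.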