Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
0
Helpful
3
Replies

ASA 9.2 - DMZ to Inside Communication

mfdarvesh
Level 1
Level 1

‎09-23-2020 06:36 AM

May be this question is asked many times, however, I am unable to find answer

 

LAN: 192.168.2.x 

DZM: 10.1.1.x

 

DMZ host 10.1.1.50 need to access LAN host 192.168.2.75

 

I am able to access DMZ from Inside LAN without any problem. What configuration is required for DMZ to access LAN. 

 

Thank you ..

Labels:
0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎09-23-2020 07:19 AM

Without seeing your configuration we can only guess.

 

Depending the security level of your DMZ and INSIDE interfaces, by default access from a lower level to a higher level is denied. You would need to permit traffic in an ACL

 

Also you'd need may need to check NAT and if necessary create a NAT exemption rule.

 

0 Helpful

mfdarvesh
Level 1
Level 1
In response to Rob Ingram

‎09-23-2020 10:44 PM

It is solved with following:

 

access-list dmz-inside permit tcp object dmz-subnet object db-server eq 1433

access-group dmz-inside in interface dmz

 

Now the question is how may I sure that this traffic is excluded from NAT ??

 

0 Helpful

Rob Ingram
VIP
VIP

‎09-23-2020 10:57 PM

Good to hear

0 Helpful
Customers Also Viewed These Support Documents