Hi Experts,
I have an issue with NAT while configuring a three-zone ASA implementation (Outside/Dmz/Inside).
Objective is:
Allow all inside to internet
Allow Dmz to internet (OS/Apps updates)
Allow some services/ports from internet to Dmz
Allow some services/ports from internet to inside
ACLs are working fine, but NAT is not. Here is what I am doing:
Dmz: 192.168.2.0 255.255.255.0
Inside: 192.168.1.0 255.255.255.0
Outside: 1.1.1.1
! Dynamic NAT for both Inside & DMZ to Internet
global (outside) 100 interface
nat (Dmz) 100 192.168.2.0 255.255.255.0
nat (inside) 100 192.168.1.0 255.255.255.0
! public address to server in DMZ
static (Dmz,outside) 1.1.1.3 192.168.2.20 netmask 255.255.255.255
! public address to server in Inside
static (inside,outside) 1.1.1.2 192.168.2.30 netmask 255.255.255.255
! allow webserver to access DB Servers inside
static (Dmz,inside) 192.168.1.20 192.168.2.20 netmask 255.255.255.255
The point is, when I configure the above, Dmz zone to inside does not work!
But when I stop “static (Dmz,Inside)”, all of the inside loses its connection to the net, but all other directions work fine!
Any idea why?
Thanks
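
A consistency check over the static lines quoted above, as an added example that is not part of the original post: it parses each pre-8.3 `static (real_ifc,mapped_ifc) mapped_ip real_ip` statement and flags any whose real address lies outside the subnet the post gives for its real interface. The function names and the `SUBNETS` table are assumptions made for this example; the addresses are the ones from the post.

```python
import ipaddress
import re

# Subnets as stated in the post, keyed by interface name (lower-cased).
SUBNETS = {
    "dmz": ipaddress.ip_network("192.168.2.0/24"),
    "inside": ipaddress.ip_network("192.168.1.0/24"),
}

# The static lines from the post, copied unchanged.
CONFIG = """\
static (Dmz,outside) 1.1.1.3 192.168.2.20 netmask 255.255.255.255
static (inside,outside) 1.1.1.2 192.168.2.30 netmask 255.255.255.255
static (Dmz,inside) 192.168.1.20 192.168.2.20 netmask 255.255.255.255
"""

# Pre-8.3 syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask (\S+)$", re.IGNORECASE)

def parse_statics(text):
    """Return one dict per static line; skip lines that do not match."""
    rules = []
    for line in text.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            real_if, mapped_if, mapped_ip, real_ip, _mask = m.groups()
            rules.append({
                "real_if": real_if.lower(),
                "mapped_if": mapped_if.lower(),
                "mapped_ip": ipaddress.ip_address(mapped_ip),
                "real_ip": ipaddress.ip_address(real_ip),
                "line": line.strip(),
            })
    return rules

def check_statics(rules, subnets):
    """Flag statics whose real address is outside the real interface's subnet."""
    findings = []
    for r in rules:
        net = subnets.get(r["real_if"])
        if net is not None and r["real_ip"] not in net:
            findings.append(f"{r['line']}: real address {r['real_ip']} "
                            f"is not in {r['real_if']} subnet {net}")
    return findings

if __name__ == "__main__":
    for finding in check_statics(parse_statics(CONFIG), SUBNETS):
        print(finding)
```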