Asa Dmz Config - TechRepublic
Question
October 23, 2010 at 07:38 PM
alarbed


Hi Experts,

I have an issue with NAT while configuring a three-zone ASA implementation (Outside/Dmz/Inside).

The objective is:
Allow all inside to internet
Allow Dmz to internet (OS/Apps updates)
Allow some services/ports from internet to Dmz
Allow some services/ports from internet to inside

The ACLs are working fine, but NAT is not. Here is what I am doing:

Dmz: 192.168.2.0 255.255.255.0
Inside: 192.168.1.0 255.255.255.0
Outside: 1.1.1.1

! Dynamic NAT for both Inside & DMZ to Internet
global (outside) 100 interface
nat (Dmz) 100 192.168.2.0 255.255.255.0
nat (inside) 100 192.168.1.0 255.255.255.0

! public address to server in DMZ
static (Dmz,outside) 1.1.1.3 192.168.2.20 netmask 255.255.255.255
! public address to server in Inside
static (inside,outside) 1.1.1.2 192.168.2.30 netmask 255.255.255.255
! allow webserver to access DB Servers inside
static (Dmz,inside) 192.168.1.20 192.168.2.20 netmask 255.255.255.255

The point is, when I configure the above, Dmz zone to inside does not work!
But when I stop "static (Dmz,Inside)", all of the inside loses the connection to the net, but all other directions work fine!

Any idea why?

Thanks
