QUESTION:

I am configuring a Cisco ASA5505 with DMZ. I have local LAN 192.168.103/24 and DMZ 10.103.1.0/24. I am able to connect from LAN to DMZ using 10.103.1.0/24 address but not the other way around. I can add either a static or dynamic NAT for this.

I’m not sure how to configure the NAT to allow a DMZ host to connect to 192.168.103.0/24. I will control access through an ACL rather than trying to “hide” them via NAT.

ANSWER:

If you just want to connect from DMZ to real addresses on the inside:

static (inside,dmz) 192.168.103.0 192.168.103.0 netmask 255.255.255.0

and then, as you say, allow traffic with an ACL on the dmz interface.
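
An added example, not part of the original answer, showing the identity static together with a least-privilege ACL on the dmz interface. The host addresses 10.103.1.10 and 192.168.103.20, port TCP/1433 and the ACL name dmz_in are assumptions chosen for illustration.

```cisco
! Constructed example: 10.103.1.10 (DMZ host), 192.168.103.20 (inside server),
! TCP/1433 and the ACL name dmz_in are assumptions, not values from the post.

! Identity static from the answer: inside hosts are reachable from the dmz
! interface under their real 192.168.103.0/24 addresses.
static (inside,dmz) 192.168.103.0 192.168.103.0 netmask 255.255.255.0

! Permit only the single flow the DMZ host needs towards the inside.
access-list dmz_in extended permit tcp host 10.103.1.10 host 192.168.103.20 eq 1433

! Drop and log everything else from the DMZ subnet to the inside subnet.
access-list dmz_in extended deny ip 10.103.1.0 255.255.255.0 192.168.103.0 255.255.255.0 log

! An interface ACL ends in an implicit deny, so once dmz_in is applied,
! DMZ traffic to other interfaces must be permitted explicitly.
! Narrow this line to the services the DMZ actually needs.
access-list dmz_in extended permit ip 10.103.1.0 255.255.255.0 any

! Bind the ACL inbound on the dmz interface.
access-group dmz_in in interface dmz
```

To confirm the result, `packet-tracer input dmz tcp 10.103.1.10 1025 192.168.103.20 1433` walks a test packet through the NAT and ACL stages, and `show access-list dmz_in` shows per-line hit counts.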
