NAT Question for Cisco ASA 5505

QUESTION:

I am configuring a Cisco ASA5505 with DMZ. I have local lan 192.168.103/24 and DMZ 10.103.1.0/24. I am able to connect from LAN to DMZ using 10.103.1.0/24 address but not the other way around. I can add either a static or dymanic NAT for this.

I’m not sure how to configure the NAT to allow DMZ host to connect to 192.168.103.0/24. I will control access through ACL rather than trying to “hide” them via NAT.

ANSWER:

If you just want to connect from DMZ to real addresses on the inside:

static (inside,dmz) 192.168.103.0 192.168.103.0 netmask 255.255.255.0

and then as you say allow traffic with an acl on the dmz interface.

Related posts:

1. Access Lists and NAT on Cisco ASA Firewalls. Some Clarifications
2. Cisco Router with Cisco ASA for Internet Access
3. Policy NAT on Cisco ASA Firewall
4. Access To Hosts from Outside a Cisco ASA
5. Configure Cisco ASA 5505 to allow Remote Desktop access from Internet

Tagged with: nat asa 5505 • static nat 5505

Filed under: Cisco ASA Configuration

Like this post? Subscribe to my RSS feed and get loads more!