Paisley-Consulting
asked on
ASA 5520 DMZ Configuration Question
I have a general DMZ configuration question.
I have two networks:
DMZ - 192.168.155.0 /24
Inside - 172.22.0.0 /16
Here is what I have done:
static (Inside,DMZ) 172.22.0.0 172.22.0.0 netmask 255.255.0.0
global (Outside) 10 interface
global (DMZ) 10 interface
nat (Inside) 10 0.0.0.0 0.0.0.0
nat (DMZ) 10 0.0.0.0 0.0.0.0
So right now I have this:
- DMZ can access the internet
- 172.22.x.x network can access DMZ across all ports
How can I restrict access into the DMZ from the Inside so only port 25 is open from the Inside to the DMZ? or port 21 ex...
I have seen examples where the static command lists only the IP of the Inside host and not the entire range. The problem is, I have a device that would need to be accessed by all users in the 22 network over a specified port, not a single host.
Thanks in advance.
Nick
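
One way to get the restriction asked about above, shown as an added example that is not part of the original post or of any answer on this page. It assumes the pre-8.3 ASA syntax used in the question; the ACL name INSIDE_IN and the host addresses in the packet-tracer checks are hypothetical.

```cisco
! Added example, not from the original post. ACL name INSIDE_IN is hypothetical.
! Without an ACL on Inside, traffic from the higher-security Inside interface
! to the DMZ is permitted on every port. Binding an ACL inbound on Inside
! replaces that default with first-match rules ending in an implicit deny.

! 1. Allow only SMTP (tcp/25) from the whole Inside range to the DMZ subnet.
access-list INSIDE_IN extended permit tcp 172.22.0.0 255.255.0.0 192.168.155.0 255.255.255.0 eq smtp

! For FTP (tcp/21) use "eq ftp" in the same form; the data channel then
! depends on FTP inspection (inspect ftp) being enabled.

! 2. Drop everything else from Inside that is addressed to the DMZ.
access-list INSIDE_IN extended deny ip any 192.168.155.0 255.255.255.0

! 3. Keep Inside-to-Internet traffic working. Without this line the implicit
!    deny at the end of the ACL would also block outbound Internet access.
access-list INSIDE_IN extended permit ip 172.22.0.0 255.255.0.0 any

! 4. Bind the ACL to traffic entering the Inside interface.
access-group INSIDE_IN in interface Inside

! Verification (constructed host addresses 172.22.1.10 and 192.168.155.10):
! the first trace should be allowed, the second dropped by INSIDE_IN.
packet-tracer input Inside tcp 172.22.1.10 1025 192.168.155.10 25
packet-tracer input Inside tcp 172.22.1.10 1025 192.168.155.10 80

! Hit counters show which line matched each flow.
show access-list INSIDE_IN
```

The existing static (Inside,DMZ) identity translation stays as it is: it only controls how Inside addresses appear in the DMZ, while the ACL decides which ports are allowed through. Return traffic for permitted connections is handled by the ASA's stateful inspection, so no matching rule is needed on the DMZ interface.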