Configuring Cisco ASA 5520 with two T1 interfaces

Posted on 2008-11-14
Last Modified: 2012-05-05
We are trying to separate traffic on our network. We have a T3 on our main network for Internet traffic and we added another T1 for our Ecommerce server. Our main network is (Inside) and we want to use (DMZ-Inside) for our Ecommerce network, and would like to be able to access Ecommerce from our main network. We are set up on Ecommerce to see the server from a public IP, but we cannot see it internally. Suggestions?
Question by:jgonz
    LVL 5

    Accepted Solution

    If you have a global and nat entry for the dmz, then all you need is an ACL allowing the traffic from the dmz interface to the inside interface. Something like this should work.

    global (dmz) 1 interface
    nat (dmz) 1

    access-list dmz_in permit tcp host 10.30.30.x eq www any
    access-group dmz_in in interface dmz


    Author Comment


    We figured we would need an access list, but we have four interfaces - two Outside (T3 and T1) and two Inside:
    Outside - 70.251.X.X (public IP)
    DMZ - 12.234.X.X (public IP)
    Inside -
    DMZ-Inside -
    LVL 5

    Expert Comment

    When you can, could you post the info directly from your ASA? I would like to see the security on the dmz-inside interface and your nat, global and static statements for the dmz-inside.
