Allow access via DMZ to addresses assigned to another ASA interface


I've configured wireless access through our ASA 5510 using the manner described here:

Everything works great, however I need to let clients on the wireless interface access the outside addresses assigned on another interface on the ASA.

I haven't been able to figure out how to do this. How do I let clients accessing from one interface get to the services hosted on another?
Who is Participating?
PaulELSConnect With a Mentor Author Commented:
I did some more testing and got this to work with the following.

object-group service webmail tcp
 port-object eq www
 port-object eq https
access-list wirelessdmz_access extended permit tcp any host AAA.AAA.AAA.AAA object-group webmail
if i understood correctly then you want your dmz users to access resources in the inside lan network?
PaulELSAuthor Commented:
No, not quite. I want the DMZ users to be able to access public resources that are available through the outside interface.

For example:

AAA.AAA.AAA.AAA = Outside IP =

I want a user on the DMZ to be able to access public IP AAA.AAA.AAA.AAA which is on the outside interface to access
PaulELSAuthor Commented:
Solution posted.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.