Allow access via DMZ to addresses assigned to another ASA interface

Hi,

I've configured wireless access through our ASA 5510 using the manner described here:

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23451240.html

Everything works great, however I need to let clients on the wireless interface access the outside addresses assigned on another interface on the ASA.

I haven't been able to figure out how to do this. How do I let clients accessing from one interface get to the services hosted on another?
LVL 2
PaulELSAsked:
Who is Participating?
 
PaulELSConnect With a Mentor Author Commented:
I did some more testing and got this to work with the following.

object-group service webmail tcp
 port-object eq www
 port-object eq https
access-list wirelessdmz_access extended permit tcp any host AAA.AAA.AAA.AAA object-group webmail
0
 
ullas_unniCommented:
if i understood correctly then you want your dmz users to access resources in the inside lan network?
0
 
PaulELSAuthor Commented:
No, not quite. I want the DMZ users to be able to access public resources that are available through the outside interface.

For example:

AAA.AAA.AAA.AAA = Outside IP = webmail.example.com

I want a user on the DMZ to be able to access public IP AAA.AAA.AAA.AAA which is on the outside interface to access webmail.example.com.
0
 
PaulELSAuthor Commented:
Solution posted.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.