Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 411
  • Last Modified:

Allow access via DMZ to addresses assigned to another ASA interface


I've configured wireless access through our ASA 5510 using the manner described here:


Everything works great, however I need to let clients on the wireless interface access the outside addresses assigned on another interface on the ASA.

I haven't been able to figure out how to do this. How do I let clients accessing from one interface get to the services hosted on another?
  • 3
1 Solution
if i understood correctly then you want your dmz users to access resources in the inside lan network?
PaulELSAuthor Commented:
No, not quite. I want the DMZ users to be able to access public resources that are available through the outside interface.

For example:

AAA.AAA.AAA.AAA = Outside IP = webmail.example.com

I want a user on the DMZ to be able to access public IP AAA.AAA.AAA.AAA which is on the outside interface to access webmail.example.com.
PaulELSAuthor Commented:
I did some more testing and got this to work with the following.

object-group service webmail tcp
 port-object eq www
 port-object eq https
access-list wirelessdmz_access extended permit tcp any host AAA.AAA.AAA.AAA object-group webmail
PaulELSAuthor Commented:
Solution posted.

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now