Solved

ASA 5505: access from Single Machine in DMZ to all internal machines on a specific port

Posted on 2011-09-26
Last Modified: 2012-05-12
We have a pix on a stub network. We have 2 DMZs on it and want to allow a PC which is on its own in one of the DMZs and needs to contact the PCs on the internal network. Is it possible to do dynamic nat from outside to inside? Can I have an example based on below.

ASA 5505

DMZ1 , Sec level 50 Int Address 192.168.2.1 /24    PC address 192.168.2.100
Inside,  Sec level 100 Int Address 172.16.2.1 /16    PC address Range 172.16.2.10 - 20

Thanks
Question by:bentham1
3 Comments
LVL 18

Expert Comment

by:Garry Glendown
ID: 36598421
Would you really need NAT at all? Yes, NAT should work, but have you tried setting up a NAT exemption? If the ASA is the Default Gateway for both the DMZ and the inside network, nothing else should be necessary ... (or, you could configure the "allow traffic through firewall without NAT" option, then all you need is the access list entry)

Author Comment

by:bentham1
ID: 36598658
For some reason, NAT is a requirement. Can't make that out myself - but I am too far down the pecking order!!
LVL 18

Accepted Solution

by:Garry Glendown (earned 2000 total points)
ID: 36598737
OK, using ASDM, just go to the NAT rules and add a new static policy rule with Original Interface as the DMZ interface you have the PC in, source the PC's IP, destination 172.16.2.0/27 (covers .1-.31), translated interface the internal interface, "Use IP address" some internal IP (don't use the interface IP address or you won't be able to connect to the FW anymore through it), then possibly add port translation if you want to limit it (or add them as access rules). That should do the trick.
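The ASDM static policy NAT rule described in the accepted solution, written out as the equivalent pre-8.3 ASA CLI; this is an added example, not configuration from the thread. It assumes the interface nameifs dmz1 and inside, and uses 172.16.2.250 as the mapped address and tcp/3389 as the port, both placeholders to be replaced with the values actually required; on ASA 8.3 and later the NAT syntax changed to object-based twice NAT, so this would need rewriting there.

```cisco
! Added example, not from the original thread. Placeholders: mapped address
! 172.16.2.250 and port 3389 (substitute the real ones). Assumes nameifs
! "dmz1" (level 50, 192.168.2.1/24) and "inside" (level 100, 172.16.2.1/16).
!
! Real source 192.168.2.100 is translated only when talking to 172.16.2.0/27
! (the .1-.31 block from the answer, which covers the .10-.20 hosts).
access-list DMZ1_TO_INSIDE_NAT extended permit ip host 192.168.2.100 172.16.2.0 255.255.255.224
!
! Static policy NAT: static (real_ifc,mapped_ifc) mapped_ip access-list <acl>
! The mapped IP must not be the inside interface address (answer's caveat),
! otherwise management access to the ASA from the inside breaks.
static (dmz1,inside) 172.16.2.250 access-list DMZ1_TO_INSIDE_NAT
!
! dmz1 (50) to inside (100) is lower-to-higher security, so an interface ACL
! is required regardless of NAT. Limiting it to one port gives the "specific
! port" restriction without port translation. ACLs on dmz1 match the real
! (untranslated) source and the real destination.
access-list DMZ1_IN extended permit tcp host 192.168.2.100 172.16.2.0 255.255.255.224 eq 3389
access-list DMZ1_IN extended deny ip any any log
access-group DMZ1_IN in interface dmz1
!
! Verification: simulate the flow, then confirm the xlate after a real connection.
! packet-tracer input dmz1 tcp 192.168.2.100 12345 172.16.2.10 3389
! show xlate | include 192.168.2.100
```

The explicit deny with `log` at the end of DMZ1_IN makes any other attempt from the DMZ host toward the inside visible in syslog, which is the check you want if that host is ever compromised.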
