Cisco ASA 5510 DMZ needs access to outside
I am trying to allow access to the internet from my dmz. The postings I have read on this site specify setting up a NAT. Since my firewall is live and I do not want to loose my job, would the following NAT break anything given the current NAT setup on my ASA 5510....
CURRENT....
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.20.30.0 255.255.255.0
nat (ids) 1 172.16.0.0 255.255.0.0
WOULD LIKE TO ADD...
nat (dmz) 1 192.168.50.0 255.255.255.0
Will this break anything? Is this necessary to allow internet access from dmz? I have a VPN router in the dmz that needs to talk to another vpn router in another location.
CURRENT....
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 10.20.30.0 255.255.255.0
nat (ids) 1 172.16.0.0 255.255.0.0
WOULD LIKE TO ADD...
nat (dmz) 1 192.168.50.0 255.255.255.0
Will this break anything? Is this necessary to allow internet access from dmz? I have a VPN router in the dmz that needs to talk to another vpn router in another location.
Last Comment
Adding this command will not do any harm, but is it really what you need?
ASKER
well this is what I have setup, just not sure if it will work. I assume some level of outbound access from the dmz to the cloud is needed for the csico 2900 vpn router (sitting in the dmz) to create an ipsec tunnel another 2900 elsewhere in the internet......
static (dmz,outside) 64.X.X.240 192.168.50.2 netmask 255.255.255.255
I have no problem keeping outbound from dmz locked, but i don't see how anything can communicate out.
static (dmz,outside) 64.X.X.240 192.168.50.2 netmask 255.255.255.255
I have no problem keeping outbound from dmz locked, but i don't see how anything can communicate out.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I got the result I was looking for with the confirmation from fgasimzade, however I should consider keeping the outbound dmz traffic locked down to minimum.
Routers
A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.
49K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
Adding NAT for DMZ could have an effect on the traffic flow for the DMZ network.