Solved

Cisco ASA5520 - Servers on the DMZ need access to servers on the internal network

Posted on 2014-09-05
3
217 Views
Last Modified: 2014-09-22
I'm have a Cisco ASA5510 running version 8.2.5.  I put a TAC case in a couple months ago regarding servers on the DMZ being able to access servers on the inside interface. Turns out the problem was NAT. The DMZ network was not able to initiate a connection to the inside network until we configured static NAT to itself or NAT exemption as follows:

static (inside,dmz) 10.4.0.238 10.4.0.238 netmask 255.255.255.255

DMZ network is 192.168.15.0/24
Internal network is 10.4.0.0/20

So if I wanted to access 10.4.0.238 from the DMZ network I had to enter the above command.  How do I do this for the whole subnet?  Not just a single IP address like above?
0
Comment
Question by:denver218
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 40306025
static (inside,dmz) 10.4.0.0 10.4.0.0 netmask 255.255.255.0
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40306032
That's only because you are pre version 8.3, if you upgrade your firewall to a version above 8.3 (RAM and support contract permitting) then you do not need to NAT between interfaces.
ASA 5500 Adding a DMZ Step By Step

Pete
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 40336380
Thanks.  That is what I needed.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now