Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Cisco ASA5520 - Servers on the DMZ need access to servers on the internal network

Posted on 2014-09-05
3
Medium Priority
?
239 Views
Last Modified: 2014-09-22
I'm have a Cisco ASA5510 running version 8.2.5.  I put a TAC case in a couple months ago regarding servers on the DMZ being able to access servers on the inside interface. Turns out the problem was NAT. The DMZ network was not able to initiate a connection to the inside network until we configured static NAT to itself or NAT exemption as follows:

static (inside,dmz) 10.4.0.238 10.4.0.238 netmask 255.255.255.255

DMZ network is 192.168.15.0/24
Internal network is 10.4.0.0/20

So if I wanted to access 10.4.0.238 from the DMZ network I had to enter the above command.  How do I do this for the whole subnet?  Not just a single IP address like above?
0
Comment
Question by:denver218
  • 2
3 Comments
 
LVL 58

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 40306025
static (inside,dmz) 10.4.0.0 10.4.0.0 netmask 255.255.255.0
0
 
LVL 58

Expert Comment

by:Pete Long
ID: 40306032
That's only because you are pre version 8.3, if you upgrade your firewall to a version above 8.3 (RAM and support contract permitting) then you do not need to NAT between interfaces.
ASA 5500 Adding a DMZ Step By Step

Pete
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 40336380
Thanks.  That is what I needed.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question