?
Solved

Cisco ASA5520 - Servers on the DMZ need access to servers on the internal network

Posted on 2014-09-05
3
Medium Priority
?
232 Views
Last Modified: 2014-09-22
I'm have a Cisco ASA5510 running version 8.2.5.  I put a TAC case in a couple months ago regarding servers on the DMZ being able to access servers on the inside interface. Turns out the problem was NAT. The DMZ network was not able to initiate a connection to the inside network until we configured static NAT to itself or NAT exemption as follows:

static (inside,dmz) 10.4.0.238 10.4.0.238 netmask 255.255.255.255

DMZ network is 192.168.15.0/24
Internal network is 10.4.0.0/20

So if I wanted to access 10.4.0.238 from the DMZ network I had to enter the above command.  How do I do this for the whole subnet?  Not just a single IP address like above?
0
Comment
Question by:denver218
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 2000 total points
ID: 40306025
static (inside,dmz) 10.4.0.0 10.4.0.0 netmask 255.255.255.0
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40306032
That's only because you are pre version 8.3, if you upgrade your firewall to a version above 8.3 (RAM and support contract permitting) then you do not need to NAT between interfaces.
ASA 5500 Adding a DMZ Step By Step

Pete
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 40336380
Thanks.  That is what I needed.
0

Featured Post

Optimum High-Definition Video Viewing and Control

The ATEN VM0404HA 4x4 4K HDMI Matrix Switch supports 4K resolutions of UHD (3840 x 2160) and DCI (4096 x 2160) with refresh rates of 30 Hz (4:4:4) and 60 Hz (4:2:0). It is ideal for applications where the routing of 4K digital signals is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question