Solved

Cisco ASA5520 - Servers on the DMZ need access to servers on the internal network

Posted on 2014-09-05
Last Modified: 2014-09-22
I have a Cisco ASA5510 running version 8.2.5.  I put a TAC case in a couple months ago regarding servers on the DMZ being able to access servers on the inside interface. Turns out the problem was NAT. The DMZ network was not able to initiate a connection to the inside network until we configured static NAT to itself or NAT exemption as follows:

static (inside,dmz) 10.4.0.238 10.4.0.238 netmask 255.255.255.255

DMZ network is 192.168.15.0/24
Internal network is 10.4.0.0/20

So if I wanted to access 10.4.0.238 from the DMZ network I had to enter the above command.  How do I do this for the whole subnet?  Not just a single IP address like above?
0
Question by:denver218
3 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 40306025
static (inside,dmz) 10.4.0.0 10.4.0.0 netmask 255.255.255.0
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 40306032
That's only because you are pre version 8.3. If you upgrade your firewall to a version above 8.3 (RAM and support contract permitting) then you do not need to NAT between interfaces.
ASA 5500 Adding a DMZ Step By Step

Pete
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 40336380
Thanks.  That is what I needed.
0
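
Added example, not part of the original thread or any poster's code: a short Python check of how much of the internal network (10.4.0.0/20, as given in the question) is covered by the identity static lines quoted above. The function names are hypothetical, the sample config is constructed from the two static lines in the thread, and static lines without an explicit netmask are ignored.

```python
import ipaddress
import re

# Constructed sample: the two static lines quoted in the thread.
THREAD_CONFIG = """\
static (inside,dmz) 10.4.0.238 10.4.0.238 netmask 255.255.255.255
static (inside,dmz) 10.4.0.0 10.4.0.0 netmask 255.255.255.0
"""

# Pre-8.3 form: static (real_if,mapped_if) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"static \(([^,\s]+),([^)\s]+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)\s*$"
)


def identity_statics(config, real_if="inside", mapped_if="dmz"):
    """Networks the config translates to themselves between the two interfaces."""
    nets = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # not a static line with an explicit netmask
        r_if, m_if, mapped, real, mask = m.groups()
        if (r_if, m_if) == (real_if, mapped_if) and mapped == real:
            nets.append(ipaddress.ip_network(f"{real}/{mask}", strict=False))
    return list(ipaddress.collapse_addresses(nets))


def uncovered(internal, covered):
    """Parts of `internal` that no identity static covers."""
    remaining = [ipaddress.ip_network(internal)]
    for net in covered:
        kept = []
        for block in remaining:
            if block.subnet_of(net):
                continue  # fully covered by this static
            if net.subnet_of(block):
                kept.extend(block.address_exclude(net))  # carve out the covered part
            else:
                kept.append(block)  # disjoint, unchanged
        remaining = kept
    return sorted(remaining)


if __name__ == "__main__":
    gaps = uncovered("10.4.0.0/20", identity_statics(THREAD_CONFIG))
    print("inside ranges without an identity static:", [str(g) for g in gaps] or "none")
```

An identity static only handles the translation; what the DMZ hosts may actually reach on the inside is still decided by the access list applied to the DMZ interface.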

Question has a verified solution.
