Cisco ASA5520 - Servers on the DMZ need access to servers on the internal network
Posted on 2014-09-05
I have a Cisco ASA5510 running version 8.2.5. I put a TAC case in a couple months ago regarding servers on the DMZ being able to access servers on the inside interface. Turns out the problem was NAT. The DMZ network was not able to initiate a connection to the inside network until we configured static NAT to itself or NAT exemption as follows:
static (inside,dmz) 10.4.0.238 10.4.0.238 netmask 255.255.255.255
DMZ network is 192.168.15.0/24
Internal network is 10.4.0.0/20
So if I wanted to access 10.4.0.238 from the DMZ network I had to enter the above command. How do I do this for the whole subnet? Not just a single IP address like above?
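The subnet-wide form of the two options named in the post, written as an added example for ASA 8.2 syntax (it is not part of the original post or of the TAC case). The ACL names and the TCP/443 service are hypothetical, and the DMZ interface is assumed to have a lower security level than inside.

```cisco
! Added example, pre-8.3 NAT syntax. Interface names (inside, dmz) and
! the two networks come from the post; everything else is an assumption.

! Option A: identity static NAT for the whole internal /20.
! 10.4.0.0/20 = netmask 255.255.240.0 (covers 10.4.0.0 - 10.4.15.255).
static (inside,dmz) 10.4.0.0 10.4.0.0 netmask 255.255.240.0

! Option B: NAT exemption scoped to inside <-> DMZ traffic only.
! Use either A or B, not both. ACL name is hypothetical.
access-list inside_nat0_dmz extended permit ip 10.4.0.0 255.255.240.0 192.168.15.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_dmz

! Either option makes every inside address reachable at the NAT layer,
! so the interface ACL is what limits what the DMZ may actually reach.
! Permit only the specific inside hosts and services the DMZ servers need.
! Constructed sample rule: DMZ servers to 10.4.0.238 on TCP/443.
! ACL name is hypothetical; if an ACL is already bound to the dmz
! interface, add the permit line to that ACL instead.
access-list dmz_access_in extended permit tcp 192.168.15.0 255.255.255.0 host 10.4.0.238 eq 443
access-group dmz_access_in in interface dmz

! Note: the implicit deny at the end of dmz_access_in also drops all
! other DMZ-initiated traffic, so include any further permits the DMZ
! legitimately requires before applying it.
```

`show xlate` and `show access-list dmz_access_in` confirm the translation exists and that the permit line is taking hits.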