Hi, I have followed this exsample (pasted below), and now my hosts on the lan can speak to a server on my DMZ, and the DMZ can speak with the internet. All good.
But I need my dmz server so be able to reach an internal server on the lan 10.25.100.18 (port 80). What are I missing? Some kind of access-list I guest? The ASA has the "dmz license" so it's not that.
The short config with my config.
ip address 10.25.100.0 255.255.255.0
ip address 192.168.100.0 255.255.255.0
access-list dmznat extended permit ip 10.25.100.0 255.255.255.0 192.168.100.0 255.255.255.0
global (DMZ) 1 interface
nat (inside) 1 access-list dmznat