Cisco ASA Outside and DMZ interface IPing

Hello,

I have inherited an ASA config which I have questions on.  The outside interface is assign say 1.1.1.192/26.  DMZ is 192.168.1.1/24.   There are some static DMZ,outside for 1.1.1.50 .  The previous asa I have handled all the external IPs would be assigned to the outside interface.  Is this setup standard?
silvercasAsked:
Who is Participating?
 
Ken BooneNetwork ConsultantCommented:
Yes in your previous case you were port address translating to the public ip address assigned to the outside interface on the ASA.  In this case, you are statically mapping devices on the DMZ to specific public IP addresses.  The ASA will provide proxy arp for these devices and to the device outside the firewall they will all have the mac address of the outside interface.
0
 
silvercasAuthor Commented:
thanks for that answer.  

the reason for this question is due to a problem with getting to these devices assigned to 1.1.1.50 .  running an packet-tracer all appears well, though from the outside I am unable to access 1.1.1.50
0
 
Ken BooneNetwork ConsultantCommented:
So you need to make sure you have an access-list that allows the access to 1.1.1.50 assigned to the outside interface.  What version of ASA software do you have?  You can post a sanitized version of your config and we can help you with it.
0
 
silvercasAuthor Commented:
so my problem turned out to be a missing route in the router.  added route for external ip to asa and all is well.  

THANKS
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.