Firewall Wizards mailing list archives

Re: DMZ to INSIDE Communication

From: Anthony <ez4me2c3d () gmail com>
Date: Mon, 15 Oct 2007 18:05:22 -0500

So you weren't running into the issue of the base license not allowing 
DMZ initiated traffic to the inside network?

"With the Base platform, communication between the DMZ VLAN and the 
Inside VLAN is restricted: the Inside VLAN is permitted to send traffic 
to the DMZ VLAN, but the DMZ VLAN is not permitted to send traffic to 
the Inside VLAN."

http://cisco.com/en/US/docs/security/asa/asa72/getting_started/asa5505/quick/guide/vlans.html#wp1101628

Anthony

chris mr wrote:

Thanks for your help...

I had to add another static into the ASA and ACL on DMZ in.

mail.domain.com = 12.x.x.x
EXCHANGE1 = natted ip of Exchange on inside

static (inside,DMZ) tcp 12.x.x.x smtp EXCHANGE1 smtp netmask 255.255.255.255


      ____________________________________________________________________________________
Don't let your dream ride pass you by. Make it a reality with Yahoo! Autos.
http://autos.yahoo.com/index.html
 


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

DMZ to INSIDE Communication chris mr (Oct 11)
- Re: DMZ to INSIDE Communication Darden, Patrick S. (Oct 12)
- Re: DMZ to INSIDE Communication Victor Williams (Oct 12)
- <Possible follow-ups>
- Re: DMZ to INSIDE Communication chris mr (Oct 15)
  - Re: DMZ to INSIDE Communication Anthony (Oct 19)