Firewall Wizards mailing list archives
ASA 5505 - Allow DMZ to Access Internal network
From: "Manoj Kalpage" <manoj.kalpage () gmail com>
Date: Mon, 6 Oct 2008 23:28:16 +0900
Hi All,

I am trying to configure giving the DMZ access to everything in the internal network. I have the configuration below for DMZ to internal, but I cannot ping either network. Is this allowed with ASA ver 8.0? Am I doing something wrong?

Any help would be greatly appreciated.

Thanks in advance.
MK

interface Vlan1
 description For XXXX Network
 nameif inside
 security-level 100
 ip address 172.24.53.2 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 pppoe client vpdn group Bitddd
 ip address pppoe setroute
!
interface Vlan3
 description for Back Office Network
 nameif DMZ1
 security-level 100
 ip address 172.23.53.1 255.255.255.0
!
interface Vlan4
 description DMZ2 for XXX Network
 nameif DMZ2
 security-level 75
 ip address 192.168.30.1 255.255.255.0
interface Ethernet0/0
 description To Outside
 switchport access vlan 2
!
interface Ethernet0/1
 description To XXX Network
!
interface Ethernet0/2
 description To Inside Back Office Network
 switchport access vlan 3
!
interface Ethernet0/3
 description To XXX Network
 switchport access vlan 4

access-list acl_DMZ2_to_INSIDE extended permit tcp any any
access-list acl_DMZ2_to_INSIDE extended permit udp any any

global (outside) 1 interface
global (DMZ1) 1 interface
global (DMZ2) 1 interface
global (DMZ3) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 172.24.53.0 255.255.255.0
nat (DMZ1) 1 172.23.53.0 255.255.255.0
nat (DMZ2) 1 192.168.30.0 255.255.255.0
nat (DMZ3) 1 192.168.100.0 255.255.255.0
static (inside,DMZ2) 192.168.30.0 172.24.53.0 netmask 255.255.255.255
access-group acl_DMZ2_to_INSIDE in interface DMZ2

icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply inside
icmp permit any echo inside
icmp permit any echo-reply outside
icmp permit any echo outside
icmp permit any echo-reply DMZ1
icmp permit any echo DMZ1
icmp permit any echo-reply DMZ2
icmp permit any echo DMZ2
icmp permit any echo-reply DMZ3
icmp permit any echo DMZ3
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
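A cross-reference check for the configuration in the post above, as an added example (not part of the original message and not a Cisco tool): it lists interface and access-list names that are referenced but never defined, and flags an access-group whose access-list has no icmp or ip entry, the protocols an echo request would match. The function name audit and the SAMPLE excerpt are constructed for illustration.

```python
import re

# Constructed excerpt: only the lines of the posted configuration that define
# or reference an interface name or an access-list name.
SAMPLE = """\
nameif inside
nameif outside
nameif DMZ1
nameif DMZ2
access-list acl_DMZ2_to_INSIDE extended permit tcp any any
access-list acl_DMZ2_to_INSIDE extended permit udp any any
global (DMZ3) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (DMZ3) 1 192.168.100.0 255.255.255.0
static (inside,DMZ2) 192.168.30.0 172.24.53.0 netmask 255.255.255.255
access-group acl_DMZ2_to_INSIDE in interface DMZ2
icmp permit any echo DMZ3
"""

def audit(config):
    """Return a sorted list of dangling references found in an ASA-style config."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    ifaces = {l.split()[1] for l in lines if l.startswith("nameif ")}
    acls = {}  # access-list name -> protocols it permits
    for l in lines:
        m = re.match(r"access-list (\S+) extended permit (\S+)", l)
        if m:
            acls.setdefault(m.group(1), set()).add(m.group(2))
    findings = set()
    for l in lines:
        names, acl = [], None
        if m := re.match(r"(?:nat|global|static) \(([^)]+)\)", l):
            names = m.group(1).split(",")  # static names two interfaces
            if a := re.search(r" access-list (\S+)$", l):
                acl = a.group(1)
        elif m := re.match(r"icmp permit .* (\S+)$", l):
            names = [m.group(1)]  # last token is the interface name
        elif m := re.match(r"access-group (\S+) in interface (\S+)", l):
            acl, names = m.group(1), [m.group(2)]
            protos = acls.get(acl, set())
            if protos and not protos & {"ip", "icmp"}:
                findings.add(f"access-list {acl} on {names[0]} has no icmp or ip entry")
        findings.update(f"undefined interface {n}" for n in names if n not in ifaces)
        if acl and acl not in acls:
            findings.add(f"undefined access-list {acl}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```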
Current thread:
- ASA 5505 - Allow DMZ to Access Internal network Manoj Kalpage (Oct 07)
- Re: ASA 5505 - Allow DMZ to Access Internal network Arne Svennevik (Oct 14)
- Re: ASA 5505 - Allow DMZ to Access Internal network Fetch, Brandon (Oct 14)