From the previous posts I am assuming the traffic from the Inside returning to the DMZ should be allowed because the inside has a higher security level, but it does not seem to work. Should I only need the static command if I want to access the IIS server in the DMZ? I have tried various combinations of ACLs and I still can't get it to communicate. Any ideas?
This should work. You only need a static command if you need to ensure that an internal host is always seen with the same NAT'd address or if you want to communicate the other way (from the DMZ to Inside). For example, if you were publishing the web server to the internet then you would normally set up a static command to allow the traffic from the outside to the webserver;
You're going to love this (probably not). As you may have guessed, I have never configured any type of NAT on my ASA and I configured a lab with 2 PCs and an ASA 5505 for learning. You have given me a great deal of advice (thanks).
I have tried all of your solutions (and others) and none of them worked. I thought this was because of my lack of knowledge with the ASA...
...It turns out that I set the default gateway on the IIS server to .0 instead of .1! Can you believe that! I changed it and it works great. What a dumb mistake. I even looked those settings over before.
I was reading a Cisco doc and they said to configure access to the DMZ like so: "Create a static translation between the entire inside network and the DMZ:"

    static (inside,dmz) 10.1.6.0 10.1.6.0 netmask 255.255.255.0

and "Create a static translation to allow one inside host access to the DMZ"

    static (inside,dmz) 10.1.6.100 10.1.6.100

My new question is, I thought the first line of code opened up anything on the 10.1.6.0 network to the DMZ? In either case, why would I have to translate the entire inside network to the DMZ and one specific host? Any thoughts?