TOPIC: DMZ access to internal network

DMZ access to internal network 7 years 1 month ago #32497

  • beewood
  • New Member
  • Posts: 3
  • Karma: 0
Hi,

I need all hosts in the DMZ to be able to access two devices on the internal network, 192.168.1.245 and 192.168.1.246, over TCP port 910 only. Does anyone know how I can do this? I think I need a static statement and an ACL, but I'm unsure.

hostname ASA5505

!
interface Vlan1
nameif LAN
security-level 100
ip address 192.168.1.254 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 172.16.1.253 255.255.255.0
!
interface Vlan3
no forward interface Vlan1
nameif DMZ
security-level 50
ip address 10.254.254.254 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
no shutdown
!
interface Ethernet0/1
switchport access vlan 3
no shutdown
!
interface Ethernet0/2
switchport access vlan 1
no shutdown
!
interface Ethernet0/3
switchport access vlan 1
no shutdown
!
interface Ethernet0/4
switchport access vlan 1
no shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
switchport access vlan 1
no shutdown
!
interface Ethernet0/7
switchport access vlan 1
no shutdown
!
global (outside) 1 interface
nat (DMZ) 1 10.254.254.0 255.255.255.0
nat (LAN) 1 192.168.1.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 172.16.1.254 1
dhcpd address 192.168.1.1-192.168.1.10 LAN
dhcpd dns 61.9.194.49 61.9.195.193
domain-name test.local
dhcpd lease 172800
dhcpd enable LAN
ssh 0.0.0.0 0.0.0.0 LAN
ssh timeout 5

Re: DMZ access to internal network 7 years 1 month ago #32502

  • rtrice81
  • New Member
  • Posts: 3
  • Karma: 0
Try this:

-access-list inside_access_in extended permit tcp 10.254.254.0 255.255.255.0 192.168.1.245 255.255.255.255 eq 910

-access-list inside_access_in extended permit tcp 10.254.254.0 255.255.255.0 192.168.1.246 255.255.255.255 eq 910

-access-group inside_access_in in interface DMZ

You may have to do a NAT exempt as well:

-access-list dmz_nat0_outbound extended permit ip 10.254.254.0 255.255.255.0 192.168.1.0 255.255.255.0

-nat (DMZ) 0 access-list dmz_nat0_outbound
Rich Trice
KR Tech Solutions - networks of the future
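As an added illustration (not code from the thread), a small Python matcher that evaluates one flow against ASA-style extended ACEs the way the firewall does, first match wins and then the implicit deny. It shows why a source-side "eq 910" qualifier, as in the lines first posted above, never matches a client connecting from an ephemeral port, while a destination-only qualifier does; the ACL names and the sample flow are constructed.

```python
import ipaddress

# Constructed sample ACEs (hypothetical names): the first keeps a source-side "eq 910", the second pair qualifies the destination port only.
ACL_AS_POSTED = [
    "access-list inside_access_in extended permit tcp 10.254.254.0 255.255.255.0 eq 910 192.168.1.245 255.255.255.255 eq 910",
]
ACL_CORRECTED = [
    "access-list dmz_access_in extended permit tcp 10.254.254.0 255.255.255.0 host 192.168.1.245 eq 910",
    "access-list dmz_access_in extended permit tcp 10.254.254.0 255.255.255.0 host 192.168.1.246 eq 910",
]

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def _take_port(tokens):
    if tokens and tokens[0] == "eq":
        return int(tokens[1]), tokens[2:]
    return None, tokens  # no 'eq N' qualifier: any port matches

def parse_ace(line):
    """Parse an extended ACE into action, protocol, addresses and port qualifiers."""
    t = line.split()
    if t[0] != "access-list" or t[2] != "extended":
        raise ValueError("not an extended ACE: " + line)
    src, rest = _take_addr(t[5:])
    sport, rest = _take_port(rest)
    dst, rest = _take_addr(rest)
    dport, _ = _take_port(rest)
    return {"action": t[3], "proto": t[4], "src": src, "sport": sport, "dst": dst, "dport": dport}

def evaluate(acl_lines, proto, src_ip, src_port, dst_ip, dst_port):
    """First-match evaluation of one flow, ending in the ASA's implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in (proto, "ip"):
            continue
        if src not in ace["src"] or dst not in ace["dst"]:
            continue
        if ace["sport"] not in (None, src_port) or ace["dport"] not in (None, dst_port):
            continue
        return ace["action"]
    return "deny"

FLOW = ("tcp", "10.254.254.10", 51234, "192.168.1.245", 910)  # constructed: DMZ host, ephemeral source port
print("as posted:", evaluate(ACL_AS_POSTED, *FLOW), "| corrected:", evaluate(ACL_CORRECTED, *FLOW))
```

The matcher models ACL semantics only; it does not model the `no forward interface Vlan1` line on Vlan3 in the posted config, which is the Base-license restriction on the third VLAN that the later reply runs into.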

Re: DMZ access to internal network 7 years 1 month ago #32524

  • beewood
  • New Member
  • Posts: 3
  • Karma: 0
Thanks, I tried that out and it doesn't work. The reason is I have a restricted license; the restricted license doesn't allow the DMZ access to the inside VLAN. So that's that.