Port Forwarding from DMZ to Internal?

  • engl71
    Member
    #162636

    Dear All,
    I’m new here, and I have a question about an ASA config :). I’ve been working on it for some hours, and I’m now a little confused.

    I use an ASA with Rel. 8.4 for Internet Access. We have an Outside Interface with a public Address, 2 logical DMZ Interfaces (mapped to one physical Interface) with public Addresses and one Internal Interface.

    [CODE]
    interface GigabitEthernet0/0
     nameif outside
     security-level 0
     ip address 217.1.1.154 255.255.255.252
    !
    interface GigabitEthernet0/1
     nameif inside
     security-level 100
     ip address 10.1.1.78 255.255.255.240
    !
    interface GigabitEthernet0/2
     description 802.1q Trunking Interface for DMZ networks
     no nameif
     no security-level
     no ip address
    !
    interface GigabitEthernet0/2.1
     description DMZ1
     vlan 11
     nameif dmz1
     security-level 10
     ip address 217.1.1.157 255.255.255.252
    !
    interface GigabitEthernet0/2.2
     description DMZ2
     vlan 12
     nameif dmz2
     security-level 15
     ip address 217.2.176.113 255.255.255.248
    [/CODE]

    In DMZ 2 I have one free IP address (217.2.176.114). Now I would like to use this address (completely, or HTTP and HTTPS only) to connect from outside to a server placed in the inside network. So my question is: can I, and how can I, use NAT to forward these ports from an IP located in the DMZ network to an internal network IP?

    Port Forwarding from Outside Interface to Internal is almost clear.

    Kindly Regards
