[fw-wiz] ASA 5505 - Allow DMZ to Access Internal network



Hi All,
I am trying to configure the DMZ to access everything in the internal network. I
have the configuration below for DMZ to internal, but I cannot ping either
network. Is this allowed with ASA ver 8.0? Am I doing something wrong?
Any help would be greatly appreciated.

Thanks in advance.

MK

interface Vlan1
description For XXXX Network
nameif inside
security-level 100
ip address 172.24.53.2 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group Bitddd
ip address pppoe setroute
!
interface Vlan3
description for Back Office Network
nameif DMZ1
security-level 100
ip address 172.23.53.1 255.255.255.0
!
interface Vlan4
description DMZ2 for XXX Network
nameif DMZ2
security-level 75
ip address 192.168.30.1 255.255.255.0

interface Ethernet0/0
description To Outside
switchport access vlan 2
!
interface Ethernet0/1
description To XXX Network
!
interface Ethernet0/2
description To Inside Back Office Network
switchport access vlan 3
!
interface Ethernet0/3
description To XXX Network
switchport access vlan 4

access-list acl_DMZ2_to_INSIDE extended permit tcp any any
access-list acl_DMZ2_to_INSIDE extended permit udp any any

global (outside) 1 interface
global (DMZ1) 1 interface
global (DMZ2) 1 interface
global (DMZ3) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 172.24.53.0 255.255.255.0
nat (DMZ1) 1 172.23.53.0 255.255.255.0
nat (DMZ2) 1 192.168.30.0 255.255.255.0
nat (DMZ3) 1 192.168.100.0 255.255.255.0
static (inside,DMZ2) 192.168.30.0 172.24.53.0 netmask 255.255.255.255

access-group acl_DMZ2_to_INSIDE in interface DMZ2

icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply inside
icmp permit any echo inside
icmp permit any echo-reply outside
icmp permit any echo outside
icmp permit any echo-reply DMZ1
icmp permit any echo DMZ1
icmp permit any echo-reply DMZ2
icmp permit any echo DMZ2
icmp permit any echo-reply DMZ3
icmp permit any echo DMZ3
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

