one to one nat ASA

marcusaureliusbrutus Member Posts: 73

If I have a local network with an IP range of connected to the inside interface of my ASA and I have a DMZ connected to the dmz interface of my ASA with IP of, how do I get the LAN to communicate with the DMZ? Are the below steps correct?

nat (inside) 2 0 0
global (dmz) 2 netmask
static (inside,dmz) 80 netmask netmask

Thanks in advance.


  • marcusaureliusbrutus Member Posts: 73

    Been doing some further reading. Is the below config better?

    static (inside,dmz) netmask
    access-list permit dmz_int extended permit host any eq www
    access-group dmz_int in interface dmz

    *allows inside network not to be translated
    *allows proxy ( to respond to hosts queries
  • shednik Member Posts: 2,005
    By default the communication should be allowed so if you wanted to allow any traffic from the you could just make an access list like that

    access-list NoNat permit ip

    That will be added to the NAT Exempt rules automatically.
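An added example, not taken from any poster in this thread: one way to write the inside-to-DMZ NAT exemption and the DMZ interface ACL discussed above. It assumes the pre-8.3 ASA NAT syntax that the thread's `static`/`global` commands imply; all addresses (inside 192.168.10.0/24, DMZ 172.16.10.0/24, proxy 172.16.10.5, test host 192.168.10.20) are constructed placeholders, since the thread's own addresses are missing.

```text
! --- Constructed addressing (assumption, not from the thread) ---
!   inside : 192.168.10.0/24   (higher security level)
!   dmz    : 172.16.10.0/24    (lower security level)
!   proxy  : 172.16.10.5       (host in the dmz)

! 1. Exempt inside<->dmz traffic from translation.
!    The ACL only selects the traffic; it takes effect once it is
!    bound to the inside interface with "nat (inside) 0".
access-list NoNat extended permit ip 192.168.10.0 255.255.255.0 172.16.10.0 255.255.255.0
nat (inside) 0 access-list NoNat

! 2. Inbound ACL on the dmz interface.
!    NAT exemption lets either side initiate connections, so this ACL
!    decides what the dmz may start. Entries are matched top-down.
!    Replies to sessions opened from inside are handled by stateful
!    inspection and do not need a permit entry here.
access-list dmz_int extended deny ip any 192.168.10.0 255.255.255.0
access-list dmz_int extended permit tcp host 172.16.10.5 any eq www
access-group dmz_int in interface dmz

! 3. Checks after applying the configuration.
show running-config nat
show access-list dmz_int
! Simulate an inside host opening HTTP to the proxy:
packet-tracer input inside tcp 192.168.10.20 1025 172.16.10.5 80
! Simulate the proxy trying to open a session to the inside host
! (expected to be dropped by the deny entry in dmz_int):
packet-tracer input dmz tcp 172.16.10.5 1025 192.168.10.20 80
```

Without the deny entry, `any` in the permit line would also cover the inside network, so the proxy could open HTTP sessions toward the LAN.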