Hi everyone,
This is the first ASA that I have configured with the new 9.x (or 8.4 and above) version. I managed to get the DMZ to work, but I don't like my config at all. I will highlight what I struggled with below; could you help me correct it?
There is one entry in the config below, specifically in the DMZ access-list, that really bothers me.
access-list dmz_access_in extended permit ip object DMZ-Laptop any
I basically have to use "ANY" as the destination for the host in the DMZ to reach out to the internet. I know I did something wrong here, but I couldn't figure it out.
Without that entry in access-list DMZ_ACCESS_IN, I can reach the internal host (and vice versa) from the DMZ host, but I cannot reach the internet from the DMZ host. Even when I change ANY to the public WAN subnet, it still doesn't work.
With the entry in place, of course, from the DMZ host I can now reach everywhere. However, I want to restrict it so that the DMZ host can only reach ONE single host in the inside zone.
access-list dmz_access_in extended permit ip object DMZ-Laptop object CORE-Management-VLAN2
Can you help me by pointing out what I did wrong?
Outside: 65.115.229.252/24, and a public IP assigned to the host at 65.115.229.55
Inside: 192.168.253.250/24, and a host @ 192.168.253.10
DMZ: 192.168.1.251/24 and a host @ 192.168.1.55
Thank you everyone!
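As an added example (not configuration from the original post), this is one way to order dmz_access_in so the DMZ laptop reaches only CORE-Management-VLAN2 on the inside but can still reach public internet destinations: the ASA evaluates ACL entries top-down with first match, so the single permitted inside host goes first, the rest of the inside subnet and the other private ranges are denied next, and only then does the broad permit for the internet follow. It assumes the interface nameif is DMZ, that the objects DMZ-Laptop and CORE-Management-VLAN2 already exist as in the post, and it introduces two hypothetical object names, INSIDE-NET and RFC1918-NETS; on 8.3 and later the ACL matches real (untranslated) addresses, which is why the deny is written against the real inside subnet.

```cisco
! Added example, not the original poster's configuration.
! Assumed/hypothetical names: INSIDE-NET, RFC1918-NETS, and interface nameif "DMZ".
object network INSIDE-NET
 subnet 192.168.253.0 255.255.255.0
object-group network RFC1918-NETS
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
!
! 1. Permit the one allowed inside host first (first match wins).
access-list dmz_access_in extended permit ip object DMZ-Laptop object CORE-Management-VLAN2
!
! 2. Deny the rest of the inside subnet, then every other private range,
!    so the broad permit below cannot reach internal networks.
access-list dmz_access_in extended deny ip object DMZ-Laptop object INSIDE-NET
access-list dmz_access_in extended deny ip object DMZ-Laptop object-group RFC1918-NETS
!
! 3. Only now allow the remaining (public) destinations for internet access.
access-list dmz_access_in extended permit ip object DMZ-Laptop any
!
access-group dmz_access_in in interface DMZ
!
! Verification (run from privileged EXEC, not part of the config):
!   packet-tracer input DMZ tcp 192.168.1.55 12345 192.168.253.10 22   -> should ALLOW
!   packet-tracer input DMZ tcp 192.168.1.55 12345 192.168.253.20 22   -> should DROP on ACL
!   show access-list dmz_access_in                                      -> check hit counts per line
```

The two packet-tracer checks assume 192.168.253.10 is the host inside CORE-Management-VLAN2 and 192.168.253.20 is any other inside address; the trace output names the ACL line that matched, which is the quickest way to confirm the ordering is doing what you intend.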