
cisco asa 5505 dmz newbie

Status
Not open for further replies.

robbhan

Technical User
Jun 5, 2008
3
SE
I can't figure out how to configure NAT properly.
I want incoming http requests on interface outside to be forwarded to host 192.168.3.2 on interface dmz. But everything gets denied. Is this a NAT problem or an ACL problem?

The outside interface is 192.168.1.103

My config:

!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan12
nameif dmz
security-level 50
ip address 192.168.3.1 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
switchport access vlan 12
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list outside_access_in extended permit tcp any eq 192.168.1.103
access-list dmz_access_in extended permit tcp any eq 192.168.1.103
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (dmz,outside) tcp interface 255.255.255.255
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
 
Delete both your current access-lists and try

access-list outside_access_in permit tcp any interface outside eq 80
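
An added example, not part of the original thread: the port forward described in the question together with the ACL from the reply, in pre-8.3 ASA syntax (assumed from the asdm-603 image in the posted config). It assumes the truncated static line was meant to map TCP/80 on the outside interface to 192.168.3.2; the test client address 192.168.1.50 is constructed.

```cisco
! Remove the two ACLs from the posted config, as the reply advises.
no access-group outside_access_in in interface outside
no access-group dmz_access_in in interface dmz
clear configure access-list outside_access_in
clear configure access-list dmz_access_in

! Static PAT: TCP/80 arriving on the outside interface address is
! translated to 192.168.3.2:80 in the DMZ. "interface" is used because
! the outside address comes from DHCP.
no static (dmz,outside) tcp interface www 192.168.3.2 www netmask 255.255.255.255
static (dmz,outside) tcp interface www 192.168.3.2 www netmask 255.255.255.255

! Inbound ACL: permit only HTTP to the outside interface address.
! Everything else is dropped by the implicit deny at the end of the ACL.
! ("eq 80" and "eq www" are the same port.)
access-list outside_access_in extended permit tcp any interface outside eq www
access-group outside_access_in in interface outside

! Verification from the ASA itself (no live client needed):
! packet-tracer walks a simulated packet through the NAT and ACL phases
! and reports which phase allows or drops it.
packet-tracer input outside tcp 192.168.1.50 12345 192.168.1.103 80

! Hit counters on the ACL entry and the active translations.
show access-list outside_access_in
show xlate
```

With no ACL bound to the dmz interface, traffic initiated from the DMZ follows the security levels alone: it may go toward outside (level 0) but not toward inside (level 100).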
 