I have 1:1 NAT set up for a host in the DMZ, along with access lists to allow a couple of ports from the internet and to the internal network, which are working just fine.
I can’t manage to allow this host in the DMZ to access the internet.
Partial config below:
object network DMZ-HOST01
 host XXX.XXX.XXX.XXX
object network DMZ-HOST01_Public_IP
 host YYY.YYY.YYY.YYY
object network INTERNAL-HOST01
 host ZZZ.ZZZ.ZZZ.ZZZ
nat (dmz,outside) after-auto source static DMZ-HOST01 DMZ-HOST01_Public_IP dns
access-list outside_access_in extended permit tcp any object DMZ-HOST01 eq 9443
access-list dmz_access_inside extended permit tcp object DMZ-HOST01 object INTERNAL-HOST01 eq 6110
access-group outside_access_in in interface outside
access-group dmz_access_inside in interface dmz
This ASA also provides internet access to the entire network.
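Added example, not part of the original post: an ACL bound inbound to an ASA interface is evaluated top-down and anything unmatched is dropped by the implicit deny, so this small model runs outbound flows from the DMZ host against `dmz_access_inside` as posted and against a hypothetical amended version. The addresses, the inside subnet and the `AMENDED` entries are constructed assumptions (the post masks the real values), and NAT is not modeled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed stand-ins: the post masks the real addresses.
DMZ_HOST01 = ip_network("192.0.2.10/32")
INTERNAL_HOST01 = ip_network("10.0.0.20/32")
INTERNAL_NET = ip_network("10.0.0.0/24")   # assumed inside subnet
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Ace:
    action: str          # "permit" or "deny"
    proto: str           # "tcp", or "ip" to match every protocol
    src: IPv4Network
    dst: IPv4Network
    dport: int = 0       # 0 = any destination port

    def matches(self, proto, src, dst, dport):
        return (self.proto in ("ip", proto)
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.dport in (0, dport))

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; unmatched traffic hits the implicit deny."""
    for n, ace in enumerate(acl, 1):
        if ace.matches(proto, src, dst, dport):
            return f"{ace.action} (line {n})"
    return "deny (implicit)"

# dmz_access_inside exactly as posted: a single permit entry.
POSTED = [Ace("permit", "tcp", DMZ_HOST01, INTERNAL_HOST01, 6110)]

# Hypothetical amendment: keep the inside network restricted, allow the rest.
AMENDED = POSTED + [
    Ace("deny", "ip", DMZ_HOST01, INTERNAL_NET),
    Ace("permit", "ip", DMZ_HOST01, ANY),
]

if __name__ == "__main__":
    flows = [("tcp", "192.0.2.10", "10.0.0.20", 6110),    # allowed inside port
             ("tcp", "192.0.2.10", "198.51.100.7", 443),  # internet-bound
             ("tcp", "192.0.2.10", "10.0.0.30", 22)]      # other inside host
    for name, acl in (("posted", POSTED), ("amended", AMENDED)):
        for flow in flows:
            print(f"{name:8} {flow} -> {evaluate(acl, *flow)}")
```

On the firewall itself, `packet-tracer input dmz tcp <src> <sport> <dst> <dport>` reports which ACL entry or implicit rule decides a given flow.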