Solved

Cisco ASA DMZ question

Posted on 2007-04-11
8
726 Views
Last Modified: 2008-01-09
We are using the CIsco ASA 5505 IOS version 7.1(1) We have created a DMZ however are unable access the DMZ from the inside?  So for example our DMZ is 10.1.3.X and our internal network is 10.1.4.X. I am able to ping a computer 10.1.3.9, however I can not reach it via http://10.1.3.9.

Thanks

0
Comment
Question by:jbuddy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18899190
Do you have any access-lists applied on the inside?

Do you have both dmz and inside on the same security level?

If both are not; then we would need to see your configuration.

Cheers,
Rajesh
0
 

Author Comment

by:jbuddy
ID: 18907542
The inside security interface is set at 100 the DMZ is set at 50. If I put an ACL allowing ICMP I can ping the server at 10.1.3.9, however if I try to allow any, only ping still works I cannot contact the webserver at port 80 or rdp.

Thanks
0
 

Author Comment

by:jbuddy
ID: 18907621
And only 2 implicit rules exist on the inside interface
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 32

Expert Comment

by:rsivanandan
ID: 18909457
Ok, can you post a sanitized configuration here (remove passwords and first octect of public ip addresses)

Cheers,
Rajesh
0
 

Accepted Solution

by:
jbuddy earned 0 total points
ID: 20488197
I had to add 2 implicit rules to allow access
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 20489894
JBuddy,

  Isn't it after looking at my first post you realized that you need to have allow access in your access-list? Why are you closing the question like this?

Cheers,
Rajesh
0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 20517467
Closed, 500 points refunded.
modus_operandi
EE Moderator
0

Featured Post

Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question