?
Solved

Cisco ASA DMZ question

Posted on 2007-04-11
8
Medium Priority
?
735 Views
Last Modified: 2008-01-09
We are using the CIsco ASA 5505 IOS version 7.1(1) We have created a DMZ however are unable access the DMZ from the inside?  So for example our DMZ is 10.1.3.X and our internal network is 10.1.4.X. I am able to ping a computer 10.1.3.9, however I can not reach it via http://10.1.3.9.

Thanks

0
Comment
Question by:jbuddy
  • 3
  • 3
7 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18899190
Do you have any access-lists applied on the inside?

Do you have both dmz and inside on the same security level?

If both are not; then we would need to see your configuration.

Cheers,
Rajesh
0
 

Author Comment

by:jbuddy
ID: 18907542
The inside security interface is set at 100 the DMZ is set at 50. If I put an ACL allowing ICMP I can ping the server at 10.1.3.9, however if I try to allow any, only ping still works I cannot contact the webserver at port 80 or rdp.

Thanks
0
 

Author Comment

by:jbuddy
ID: 18907621
And only 2 implicit rules exist on the inside interface
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 32

Expert Comment

by:rsivanandan
ID: 18909457
Ok, can you post a sanitized configuration here (remove passwords and first octect of public ip addresses)

Cheers,
Rajesh
0
 

Accepted Solution

by:
jbuddy earned 0 total points
ID: 20488197
I had to add 2 implicit rules to allow access
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 20489894
JBuddy,

  Isn't it after looking at my first post you realized that you need to have allow access in your access-list? Why are you closing the question like this?

Cheers,
Rajesh
0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 20517467
Closed, 500 points refunded.
modus_operandi
EE Moderator
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
This blog will spread awareness about Dropbox. We have given the statements based upon our experience. Along with this, there is a section of some new plans that should be added in Dropbox this year. This will make the storage service enhanced from …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question