Help with DMZ web ACCESS

I am trying to setup access to a web server placed in a dmz on the asa 5505.  

I have a static IP on the ouside interface, an inside network and a dmz network.  

Everything I try ends up being denied by the outside incoming implicit rule, even if I alow ip any to any incoming and outgoing.


Thanks in advace!

Here is my actual config:

: Saved
:
ASA Version 7.2(3)
!
hostname xxxxx
domain-name xxxxx
enable password NBLPZvBMOCoJ0GON encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.128
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xx.xx.129.130 255.255.255.252
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address 10.20.100.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
 switchport access vlan 3
!
interface Ethernet0/6
 switchport access vlan 3
!
interface Ethernet0/7
 switchport access vlan 3
!
 
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup dmz
dns server-group DefaultDNS
 name-server 24.200.241.37
 name-server 24.200.243.189
 name-server 24.201.245.77
 domain-name vcore.ca
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inbound_traffic_on_outside remark This is the interface ACL to block inboud_traffic
access-list outside_access_in extended permit tcp any host xx.xx.129.130 eq www log
access-list outside_access_in extended permit tcp any host xx.xx.129.130 eq https
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.128
static (dmz,outside) xx.xx.129.130 10.20.100.12 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xx.129.129 1
route dmz 10.30.100.0 255.255.255.0 10.20.100.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set myset esp-aes-256 esp-sha-hmac
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash md5
 group 5
 lifetime 28800
telnet 192.168.1.4 255.255.255.255 inside
telnet timeout 5
ssh 192.168.1.3 255.255.255.255 inside
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns 24.200.241.37 24.200.243.189 interface inside
dhcpd domain xxxxx.xx interface inside
dhcpd enable inside
!
 
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
username estemari password UmPpbxabsGIoW0dS encrypted
prompt hostname context
Cryptochecksum:deb3ff0

Select allOpen in new window