Solved

DMZ ASA5505

Posted on 2008-10-20
4
536 Views
Last Modified: 2012-05-05
I am trying to set a dmz. Here is how the traffic will travel:
Internet (inside) ---> ASA ----> Router (outside interface) ----> back to the ASA to interface vlan50 (dmz) ((where the servers are located))...

An outside vender needs to VPN into there router on our outside interface... from there they can manage there servers in out dmz....

On my inside interface access-list I should just allow esp port 50 to there router.  Then I would allow the router to only get to the dmz... I have created an access-list for the dmz, but I am not able to put it on the dmz interface... Any suggestions... Thanks
0
Comment
Question by:axl13
  • 2
4 Comments
 

Author Comment

by:axl13
ID: 22760138
I calso cannot nameif the dmz vlan....
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 22762089
Can you post result of "show version" from the ASA? have you tried using VLAN3 instead of VLAN50?
Can you post your config?
0
 
LVL 2

Expert Comment

by:JimmyLarsson
ID: 22765606
Hello

Besides the fact that I don really understand the topology You are describing...

If it is the IPSEC-protocoll "ESP" you want to allow it[ not a port but a Ip-protocol. Make sure that you are allowing IP protocol 50 and not a tcp or udp port.

ie:
access-list outside extended permit ip any host 1.2.3.4 50

Please post your entire configuration after hiding sensible data.

Br Jimmy
0
 

Accepted Solution

by:
axl13 earned 0 total points
ID: 22766694
Here is the config as well as a net diagram...
Drawing3.jpg
asa5505-2.TXT
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now