I am trying to set up a DMZ. Here is how the traffic will travel:
Internet (inside) ---> ASA ----> Router (outside interface) ----> back to the ASA to interface vlan50 (dmz) ((where the servers are located))...

An outside vendor needs to VPN into their router on our outside interface... from there they can manage their servers in our DMZ....

On my inside interface access-list I should just allow esp port 50 to their router. Then I would allow the router to only get to the DMZ... I have created an access-list for the DMZ, but I am not able to put it on the DMZ interface... Any suggestions... Thanks
axl13 (Author) commented:
Here is the config as well as a net diagram...
axl13 (Author) commented:
I also cannot nameif the dmz vlan....
Can you post the result of "show version" from the ASA? Have you tried using VLAN3 instead of VLAN50?
Can you post your config?

Besides the fact that I don't really understand the topology you are describing...

If it is the IPsec protocol "ESP" you want to allow, it's not a port but an IP protocol. Make sure that you are allowing IP protocol 50 and not a TCP or UDP port.

access-list outside extended permit esp any host <router-ip>

Please post your entire configuration after hiding sensitive data.

Br Jimmy
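
The protocol-versus-port distinction from the reply above, as an added example that is not part of the original thread: a small audit script that reads ASA extended ACL lines and flags entries that open TCP or UDP port 50 where ESP (IP protocol 50) was intended. The ACL name `OUTSIDE_IN` and the 192.0.2.x addresses are constructed sample values, not taken from the poster's configuration.

```python
import re

# Constructed sample ACL (assumed names and documentation-range addresses).
SAMPLE_ACL = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 50
access-list OUTSIDE_IN extended permit udp any host 192.0.2.10 eq 50
access-list OUTSIDE_IN extended permit esp any host 192.0.2.10
access-list OUTSIDE_IN extended permit udp any host 192.0.2.10 eq isakmp
access-list OUTSIDE_IN extended permit 50 any host 192.0.2.20
"""

# access-list <name> extended <permit|deny> <protocol> <rest of the entry>
ACE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+extended\s+(?P<action>permit|deny)\s+"
    r"(?P<proto>\S+)\s+(?P<rest>.+)$"
)


def classify(line):
    """Return 'esp', 'port-50-mistake', 'other' or 'unparsed' for one ACL line."""
    m = ACE.match(line.strip())
    if not m:
        return "unparsed"
    proto, rest = m["proto"].lower(), m["rest"].lower()
    # ESP is matched in the protocol field, by keyword or by number 50.
    if proto in ("esp", "50"):
        return "esp"
    # A TCP/UDP entry with 'eq 50' matches a layer-4 port, never ESP traffic.
    if proto in ("tcp", "udp") and re.search(r"\beq\s+50\b", rest):
        return "port-50-mistake"
    return "other"


def audit(config):
    """Classify every non-empty line; returns (line_number, verdict) pairs."""
    return [
        (n, classify(line))
        for n, line in enumerate(config.splitlines(), 1)
        if line.strip()
    ]


if __name__ == "__main__":
    for n, verdict in audit(SAMPLE_ACL):
        print(f"line {n}: {verdict}")
```
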