<div>
I calso cannot nameif the dmz vlan.... 
</div>


<div>
Can you post result of &quot;show version&quot; from the ASA? have you tried using VLAN3 instead of VLAN50?<br />
Can you post your config?<br />

</div>


Can you post result of "show version" from the ASA? have you tried using VLAN3 instead of VLAN50?
Can you post your config?


<div>
Hello<br />
<br />
Besides the fact that I don really understand the topology You are describing...<br />
<br />
If it is the IPSEC-protocoll &quot;ESP&quot; you want to allow it[ not a port but a Ip-protocol. Make sure that you are allowing IP protocol 50 and not a tcp or udp port.<br />
<br />
ie:<br />
access-list outside extended permit ip any host 1.2.3.4 50<br />
<br />
Please post your entire configuration after hiding sensible data.<br />
<br />
Br Jimmy<br />

</div>


Hello

Besides the fact that I don really understand the topology You are describing...

If it is the IPSEC-protocoll "ESP" you want to allow it[ not a port but a Ip-protocol. Make sure that you are allowing IP protocol 50 and not a tcp or udp port.

ie:
access-list outside extended permit ip any host 1.2.3.4 50

Please post your entire configuration after hiding sensible data.

Br Jimmy


asa5505-2.TXT

Drawing3.jpg

<div>
<div class="content wysiwyg-content">
I am trying to set a dmz. Here is how the traffic will travel:<br />
Internet (inside) ---&gt; ASA ----&gt; Router (outside interface) ----&gt; back to the ASA to interface vlan50 (dmz) ((where the servers are located))...<br />
<br />
An outside vender needs to VPN into there router on our outside interface... from there they can manage there servers in out dmz.... <br />
<br />
On my inside interface access-list I should just allow esp port 50 to there router. &nbsp;Then I would allow the router to only get to the dmz... I have created an access-list for the dmz, but I am not able to put it on the dmz interface... Any suggestions... Thanks<br />

</div>
</div>


I am trying to set a dmz. Here is how the traffic will travel:
Internet (inside) ---> ASA ----> Router (outside interface) ----> back to the ASA to interface vlan50 (dmz) ((where the servers are located))...

An outside vender needs to VPN into there router on our outside interface... from there they can manage there servers in out dmz.... 

On my inside interface access-list I should just allow esp port 50 to there router.  Then I would allow the router to only get to the dmz... I have created an access-list for the dmz, but I am not able to put it on the dmz interface... Any suggestions... Thanks


DMZ ASA5505

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).