axl13
asked on
DMZ ASA5505
I am trying to set up a DMZ. Here is how the traffic will travel:
Internet (inside) ---> ASA ----> Router (outside interface) ----> back to the ASA to interface vlan50 (dmz) ((where the servers are located))...
An outside vendor needs to VPN into their router on our outside interface... from there they can manage their servers in our dmz....
On my inside interface access-list I should just allow esp port 50 to their router. Then I would allow the router to only get to the dmz... I have created an access-list for the dmz, but I am not able to put it on the dmz interface... Any suggestions... Thanks
Can you post the result of "show version" from the ASA? Have you tried using VLAN3 instead of VLAN50?
Can you post your config?
Hello
Besides the fact that I don't really understand the topology you are describing...
If it is the IPsec protocol "ESP" you want to allow, it is not a port but an IP protocol. Make sure that you are allowing IP protocol 50 and not a TCP or UDP port.
i.e.:
access-list outside extended permit esp any host 1.2.3.4
Please post your entire configuration after hiding sensitive data.
Br Jimmy
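As an added illustration of Jimmy's point (this is not config from the thread): ESP is matched in the protocol field of the ACL, where "ip", "tcp" or "udp" would otherwise go, and the same ACL can restrict the vendor router to the DMZ servers. Assumed values: vendor VPN peer 198.51.100.20, vendor router 203.0.113.10, DMZ subnet 192.0.2.0/24 on vlan50, interfaces named "outside" and "dmz", and that the router's traffic toward the servers enters the ASA on the outside interface.

```cisco
! Added example, not the asker's or Jimmy's configuration. Assumed addresses:
!   vendor VPN peer on the Internet          198.51.100.20
!   vendor router on the ASA outside segment 203.0.113.10
!   DMZ servers on vlan50                    192.0.2.0/24

! 1) IPsec from the vendor's peer to the vendor router only (not "any").
!    ESP is IP protocol 50: use "esp" (or "50") in the protocol position.
!    There is no port to match, so "permit ip ... 50" is not valid.
!    IKE needs UDP/500 (isakmp); NAT-T needs UDP/4500 when NAT is in the path.
access-list OUTSIDE_IN extended permit esp host 198.51.100.20 host 203.0.113.10
access-list OUTSIDE_IN extended permit udp host 198.51.100.20 host 203.0.113.10 eq isakmp
access-list OUTSIDE_IN extended permit udp host 198.51.100.20 host 203.0.113.10 eq 4500

! 2) The vendor router may reach only the DMZ servers, and only on the
!    management services it actually needs (assumed here: SSH and HTTPS).
access-list OUTSIDE_IN extended permit tcp host 203.0.113.10 192.0.2.0 255.255.255.0 eq ssh
access-list OUTSIDE_IN extended permit tcp host 203.0.113.10 192.0.2.0 255.255.255.0 eq https

! 3) Explicit logged deny so blocked attempts show up in syslog.
access-list OUTSIDE_IN extended deny ip any any log

! 4) Bind the ACL to the interface the traffic enters on. The same form
!    binds an ACL to any named interface, e.g. "access-group DMZ_IN in interface dmz".
access-group OUTSIDE_IN in interface outside

! Verify the binding and watch hit counts while the vendor tests:
!   show running-config access-group
!   show access-list OUTSIDE_IN
```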