Solved

Allow access via DMZ to addresses assigned to another ASA interface

Posted on 2010-11-26
4
388 Views
Last Modified: 2012-05-10
Hi,

I've configured wireless access through our ASA 5510 using the manner described here:

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23451240.html

Everything works great, however I need to let clients on the wireless interface access the outside addresses assigned on another interface on the ASA.

I haven't been able to figure out how to do this. How do I let clients accessing from one interface get to the services hosted on another?
0
Comment
Question by:PaulELS
  • 3
4 Comments
 
LVL 4

Expert Comment

by:ullas_unni
ID: 34219404
if i understood correctly then you want your dmz users to access resources in the inside lan network?
0
 
LVL 2

Author Comment

by:PaulELS
ID: 34219662
No, not quite. I want the DMZ users to be able to access public resources that are available through the outside interface.

For example:

AAA.AAA.AAA.AAA = Outside IP = webmail.example.com

I want a user on the DMZ to be able to access public IP AAA.AAA.AAA.AAA which is on the outside interface to access webmail.example.com.
0
 
LVL 2

Accepted Solution

by:
PaulELS earned 0 total points
ID: 34219723
I did some more testing and got this to work with the following.

object-group service webmail tcp
 port-object eq www
 port-object eq https
access-list wirelessdmz_access extended permit tcp any host AAA.AAA.AAA.AAA object-group webmail
0
 
LVL 2

Author Closing Comment

by:PaulELS
ID: 34246381
Solution posted.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now