Solved

Allow access via DMZ to addresses assigned to another ASA interface

Posted on 2010-11-26
Last Modified: 2012-05-10
Hi,

I've configured wireless access through our ASA 5510 using the manner described here:

http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_23451240.html

Everything works great, however I need to let clients on the wireless interface access the outside addresses assigned on another interface on the ASA.

I haven't been able to figure out how to do this. How do I let clients accessing from one interface get to the services hosted on another?
0
Question by:PaulELS
 
LVL 4

Expert Comment

by:ullas_unni
ID: 34219404
If I understood correctly, then you want your DMZ users to access resources in the inside LAN network?
0
 
LVL 2

Author Comment

by:PaulELS
ID: 34219662
No, not quite. I want the DMZ users to be able to access public resources that are available through the outside interface.

For example:

AAA.AAA.AAA.AAA = Outside IP = webmail.example.com

I want a user on the DMZ to be able to access public IP AAA.AAA.AAA.AAA which is on the outside interface to access webmail.example.com.
0
 
LVL 2

Accepted Solution

by:
PaulELS earned 0 total points
ID: 34219723
I did some more testing and got this to work with the following.

object-group service webmail tcp
 port-object eq www
 port-object eq https
access-list wirelessdmz_access extended permit tcp any host AAA.AAA.AAA.AAA object-group webmail
0
 
LVL 2

Author Closing Comment

by:PaulELS
ID: 34246381
Solution posted.
0
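
The following Python example is added here and is not part of the original thread or Cisco's tooling. It expands the object-group from the accepted solution and evaluates flows against the access-list entry, showing that only TCP 80 and 443 to the one host are permitted and everything else falls to the ACL's implicit deny. The parser handles only the two stanza shapes posted above; the function names and the test flows are assumptions for illustration.

```python
# Constructed copy of the configuration posted in the accepted solution.
CONFIG = """\
object-group service webmail tcp
 port-object eq www
 port-object eq https
access-list wirelessdmz_access extended permit tcp any host AAA.AAA.AAA.AAA object-group webmail
"""

# ASA port keywords used on this page and their numeric values.
NAMED_PORTS = {"www": 80, "https": 443}


def parse(config):
    """Return (object_groups, acl_entries) for the two stanza types above."""
    groups, acl, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["object-group", "service"]:
            current = groups.setdefault(tok[2], {"proto": tok[3], "ports": set()})
        elif tok[:2] == ["port-object", "eq"] and current is not None:
            # Accept either a keyword (www, https) or a numeric port.
            current["ports"].add(NAMED_PORTS.get(tok[2]) or int(tok[2]))
        elif tok[0] == "access-list" and tok[2] == "extended":
            # Shape handled: <action> <proto> any host <ip> object-group <name>
            _, name, _, action, proto, src, _, dst, _, grp = tok
            current = None
            acl.append({"acl": name, "action": action, "proto": proto,
                        "src": src, "dst": dst, "ports": groups[grp]["ports"]})
    return groups, acl


def evaluate(acl, proto, dst, port):
    """First matching entry wins; no match falls through to the implicit deny.

    The source is not checked because the posted entry uses 'any'.
    """
    for entry in acl:
        if entry["proto"] == proto and entry["dst"] == dst and port in entry["ports"]:
            return entry["action"]
    return "deny"
```
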
