Solved

Configuring Cisco ASA rules to allow DMZ 2 servers to see internal network

Posted on 2014-04-25 | 622 Views | Last Modified: 2015-06-01
The ASA firewall rules need to do the following (using the Cisco ASDM 6.3 console).

DMZ
1 x ADFS Proxy server (192.168.x.x) needs to see the internal ADFS server (172.x.x.x)
(I can't currently join the ADFS Proxy server to the domain)
1 x Front End Web server (192.168.x.x) needs to see the internal CRM server (172.x.x.x)
(I can't currently join the Front End Web server to the domain)

Objective
External end users with AD accounts enter a CRM URL (crm.domain.co.uk) via a browser on a tablet.
The URL points to the Front End Web server in the DMZ, which then redirects to the ADFS server via the ADFS proxy in the DMZ.
ADFS authenticates the user against the internal DC, and then the Front End Web server in the DMZ redirects to the internal CRM SQL boxes, rendering CRM to the external user(s).
Question by: CTCRM

4 Comments
Expert Comment by: asavener (ID: 40023675)

I would suggest putting a read-only domain controller in the DMZ that your proxy server can use. Then open up the appropriate ports to allow the domain replication to occur.
 
Accepted Solution by: CTCRM (earned 0 total points, ID: 40090864)

I have added the NAT rule and access rules, which has resolved my issue.
 
Author Closing Comment by: CTCRM (ID: 40102439)

After adding the correct rules my issue was resolved.
 
Expert Comment by: CyberGar (ID: 40806931)

Care to share your ACL? I have the NAT, but not sure where the ACL goes...
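The accepted answer says only that a NAT rule plus access rules fixed it, and the last comment asks where the ACL actually goes. The configuration below is an added example, not the poster's config, showing the two pieces in ASA 8.3+ CLI syntax (the release that ASDM 6.3 manages; in ASDM these are Configuration > Firewall > NAT Rules and Configuration > Firewall > Access Rules). Interface names, security levels, object names and the 192.168.10.x / 172.16.x.x addresses are all assumed placeholders, since the real hosts were redacted in the question. Two caveats a practitioner would want: the ADFS federation server proxy role does not need domain membership or LDAP to a domain controller, it only needs HTTPS to the internal federation service, so a host-to-host TCP/443 rule covers that leg; and on 8.3+ the ACL matches the real (untranslated) addresses, so the identity NAT below exists only to stop some broader dynamic rule from translating DMZ-to-inside traffic.

```cisco
! Added example (ASA 8.3+ syntax). All names, addresses, interface names and
! security levels are assumed; the poster's real 192.168.x.x / 172.x.x.x
! hosts are not known.

interface GigabitEthernet0/1
 nameif inside
 security-level 100
interface GigabitEthernet0/2
 nameif dmz
 security-level 50

! Hosts involved in the two DMZ -> inside flows (assumed addresses)
object network DMZ-ADFS-PROXY
 host 192.168.10.11
object network DMZ-CRM-WEB
 host 192.168.10.12
object network INT-ADFS
 host 172.16.1.21
object network INT-CRM
 host 172.16.1.22
object network DMZ-NET
 subnet 192.168.10.0 255.255.255.0
object network INSIDE-NET
 subnet 172.16.0.0 255.255.0.0

! NAT: identity (twice) NAT so dmz <-> inside traffic is never translated.
! This is the 8.3+ replacement for the old "nat 0" exemption. It is only
! required if a broader dynamic rule (for example nat (dmz,any) dynamic
! interface) would otherwise catch DMZ -> inside traffic; identity rules
! must sit above such rules, hence line 1.
nat (dmz,inside) 1 source static DMZ-NET DMZ-NET destination static INSIDE-NET INSIDE-NET

! ACL for traffic ENTERING the ASA on the dmz interface. dmz (50) -> inside
! (100) is denied by default, so only the two host-to-host flows are opened.
! Both the ADFS proxy -> federation service leg and the CRM front end ->
! CRM server leg are assumed to run over HTTPS; add further ports only if
! the CRM front end genuinely needs them. Replies ride the stateful session,
! so nothing is needed on the inside interface for the return traffic.
access-list DMZ_IN remark ADFS proxy to internal federation service
access-list DMZ_IN extended permit tcp object DMZ-ADFS-PROXY object INT-ADFS eq 443
access-list DMZ_IN remark CRM front end to internal CRM server
access-list DMZ_IN extended permit tcp object DMZ-CRM-WEB object INT-CRM eq 443
access-list DMZ_IN remark everything else from the DMZ stays out of the inside network
access-list DMZ_IN extended deny ip any object INSIDE-NET log
access-list DMZ_IN remark DMZ hosts may still reach the Internet
access-list DMZ_IN extended permit ip object DMZ-NET any

! This is where the ACL "goes": bound inbound on the dmz interface.
access-group DMZ_IN in interface dmz
```

To confirm the rules behave as intended before trusting them, run `packet-tracer input dmz tcp 192.168.10.11 50000 172.16.1.21 443` (it should report the identity NAT match and an ALLOW on DMZ_IN), then repeat with a source or port that is not listed and check that the trace ends in a DROP on the deny line; `show access-list DMZ_IN` shows per-entry hit counts and `show nat` shows the identity rule and its translate_hits. The explicit `deny ip any object INSIDE-NET log` before the Internet permit is what keeps a compromised DMZ host from reaching anything on the inside beyond the two published services, and the log keyword makes such attempts visible.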
