CTCRM
Configuring Cisco ASA rules to allow DMZ 2 servers to see internal network

ASA Firewall Rules need to do the following. (Using Cisco ASDM 6.3 console)

DMZ
1 x ADFS Proxy server (192.168.x.x) needs to see the internal ADFS server (172.x.x.x)
(I can't currently join the ADFS Proxy server to the domain)
1 x Front End Web server (192.168.x.x) needs to see the internal CRM server (172.x.x.x)
(I can't currently join the Front End Web server to the domain)

Objective
External end users with AD accounts to enter a CRM URL (crm.domain.co.uk) via browser on tablet
URL points to Front End Web server in the DMZ, then redirects to the ADFS server via the ADFS proxy in the DMZ
ADFS authenticates the user against the internal DC, and then the Front End Web server in the DMZ redirects to the internal CRM SQL boxes rendering CRM to the external user(s).
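The two DMZ-to-inside permits described in the question, written as an ASA 8.3-style access list applied on the DMZ interface. This is an added example, not configuration from the asker or from any answer on this page; the interface name `dmz`, the object names, the placeholder addresses and the use of TCP 443 for both flows are assumptions.

```cisco
! Added example, not from the page. Placeholder addresses: replace with the real hosts.
! The ASA only needs an explicit ACL for traffic from a lower security-level interface
! (DMZ) to a higher one (inside). The ACL is applied INBOUND on the DMZ interface,
! i.e. where packets from the DMZ hosts enter the firewall.
!
! Placeholder for the 192.168.x.x ADFS proxy
object network DMZ-ADFS-PROXY
 host 192.168.10.10
! Placeholder for the 192.168.x.x front-end web server
object network DMZ-CRM-WEB
 host 192.168.10.11
! Placeholder for the 172.x.x.x internal ADFS server
object network INSIDE-ADFS
 host 172.16.0.10
! Placeholder for the 172.x.x.x internal CRM server
object network INSIDE-CRM
 host 172.16.0.11
!
! The proxy and web server are not domain-joined (as stated in the question), so no
! AD/Kerberos/LDAP ports are opened: only the two application flows, one host to one host.
access-list DMZ_IN remark ADFS proxy -> internal ADFS (HTTPS assumed)
access-list DMZ_IN extended permit tcp object DMZ-ADFS-PROXY object INSIDE-ADFS eq 443 log
access-list DMZ_IN remark CRM front end -> internal CRM server (HTTPS assumed)
access-list DMZ_IN extended permit tcp object DMZ-CRM-WEB object INSIDE-CRM eq 443 log
!
! Everything else from the DMZ towards the internal range (172.16.0.0/16 assumed) is
! explicitly denied and logged, so a compromised DMZ host cannot reach other internal
! systems and the attempt shows up in syslog. Keep this line above any later permit
! that lets DMZ hosts out to the Internet.
access-list DMZ_IN remark deny and log all other DMZ -> inside traffic
access-list DMZ_IN extended deny ip any 172.16.0.0 255.255.0.0 log
!
! Bind the ACL in the inbound direction on the DMZ interface.
access-group DMZ_IN in interface dmz
```

In ASDM the same rules live under Configuration > Firewall > Access Rules, on the DMZ interface in the incoming direction; the `log` keyword is what makes both the allowed flows and the blocked attempts visible in the syslog/ASDM log viewer.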
asavener

I would suggest putting a read-only domain controller in the DMZ that your proxy server can use.  Then open up the appropriate ports to allow the domain replication to occur.
CTCRM (asker)
After adding the correct rules my issue was resolved.
Care to share your ACL? I have the NAT, but not sure where the ACL goes...