Configuring Cisco ASA rules to allow DMZ 2 servers to see internal network

ASA firewall rules need to do the following (using the Cisco ASDM 6.3 console):

DMZ
1 x ADFS Proxy server (192.168.x.x) needs to see the internal ADFS server (172.x.x.x)
(I can't currently join the ADFS Proxy server to the domain)
1 x Front End Web server (192.168.x.x) needs to see the internal CRM server (172.x.x.x)
(I can't currently join the Front End Web server to the domain)

Objective
External end users with AD accounts enter a CRM URL (crm.domain.co.uk) via a browser on a tablet.
The URL points to the Front End Web server in the DMZ, which then redirects to the ADFS server via the ADFS proxy in the DMZ.
ADFS authenticates the user against the internal DC, and the Front End Web server in the DMZ then redirects to the internal CRM SQL boxes, rendering CRM to the external user(s).
Asked by CTCRM (Infrastructure Engineer)

CTCRM (Infrastructure Engineer, Author) commented:
I have added the NAT rule and Access Rules which has resolved my issue.
 
asavener commented:
I would suggest putting a read-only domain controller in the DMZ that your proxy server can use.  Then open up the appropriate ports to allow the domain replication to occur.
 
CTCRM (Infrastructure Engineer, Author) commented:
After adding the correct rules my issue was resolved.
 
CyberGar commented:
Care to share your ACL? I have the NAT, but I'm not sure where the ACL goes...
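As an added illustration of the NAT rule and access rules the author mentions, and of where the ACL sits (the point CyberGar asks about), here is a constructed ASA 8.3+ CLI configuration; it is not the poster's actual config. The interface names, the placeholder host addresses and the choice of port 443 for both ADFS proxy-to-federation-server and web-to-CRM traffic are assumptions.

```cisco
! Assumed interfaces: "inside" (security-level 100) and "dmz" (security-level 50).
! DMZ -> inside is lower -> higher security, so the ASA denies it until an ACL permits it.
! Host addresses below are placeholders standing in for the 192.168.x.x / 172.x.x.x hosts.
object network DMZ-ADFS-PROXY
 host 192.168.100.10
object network DMZ-CRM-WEB
 host 192.168.100.20
object network INSIDE-ADFS
 host 172.16.1.10
object network INSIDE-CRM
 host 172.16.1.20
object network INSIDE-NET
 subnet 172.16.0.0 255.255.0.0
!
! Identity NAT (twice-NAT syntax) so DMZ-to-inside traffic keeps its real addresses;
! the ACL then matches on the real internal addresses, not translated ones.
nat (dmz,inside) source static DMZ-ADFS-PROXY DMZ-ADFS-PROXY destination static INSIDE-ADFS INSIDE-ADFS
nat (dmz,inside) source static DMZ-CRM-WEB DMZ-CRM-WEB destination static INSIDE-CRM INSIDE-CRM
!
! The ACL goes on the DMZ interface, direction "in": it is evaluated for packets entering
! the ASA from the DMZ, i.e. connections the DMZ servers initiate towards the internal network.
! Only the two host pairs, only HTTPS; everything else aimed at the internal network is denied
! and logged, while the final permit keeps ordinary DMZ-to-outside traffic working.
access-list DMZ_IN extended permit tcp object DMZ-ADFS-PROXY object INSIDE-ADFS eq 443
access-list DMZ_IN extended permit tcp object DMZ-CRM-WEB object INSIDE-CRM eq 443
access-list DMZ_IN extended deny ip any object INSIDE-NET log
access-list DMZ_IN extended permit ip any any
access-group DMZ_IN in interface dmz
!
! Check: simulate the ADFS proxy opening an HTTPS connection to the internal ADFS server.
! The final phase should show ACTION: allow and the NAT phase should show no translation.
packet-tracer input dmz tcp 192.168.100.10 12345 172.16.1.10 443
```

In ASDM the same rules appear under Configuration > Firewall > Access Rules (DMZ interface, incoming) and Configuration > Firewall > NAT Rules; a second packet-tracer run from the DMZ host to any other internal address should end in a drop against the deny line.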