Solved

Asa 5505 DMZ web server access to Lan web server

Posted on 2015-01-22
2
58 Views
Last Modified: 2015-09-09
Hi, I have followed this exsample (pasted below), and now my hosts on the lan can speak to a server on my DMZ, and the DMZ can speak with the internet. All good.

But I need my dmz server so be able to reach an internal server on the lan 10.25.100.18 (port 80). What are I missing? Some kind of access-list I guest? The ASA has the "dmz license" so it's not that.


The short config with my config.

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.25.100.0 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 192.168.100.0 255.255.255.0


access-list dmznat extended permit ip 10.25.100.0 255.255.255.0 192.168.100.0 255.255.255.0

global (DMZ) 1 interface
nat (inside) 1 access-list dmznat


Tia!

LHC
0
Comment
Question by:melfarit
  • 2
2 Comments
 
LVL 5

Expert Comment

by:Feroz Ahmed
ID: 40564626
Hi,

You will have define Policy on ASA in order to reach host on Lan as below :

ASA#(config-t)
ASA(config-t)#policy-map group policy
ASA(config-t)#Classinspection_default
ASA(config-t)#inspect ICMP

Once the above is configured you can will reach host from DMZ.
0
 
LVL 5

Accepted Solution

by:
Feroz Ahmed earned 500 total points
ID: 40594293
Hi,

You can define access-list as below as you want to communicate from DMZ to Inside network ,the below access-list configuration will work out.

ASA#access-list 101 permit DMZ in or inside
ASA#access-group 101 in interface DMZ

The above configuration will work just try and update me.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco 2960 port led all amber 5 104
Multicast on 3750x cisco router 1 38
Firmware for ISR4321 Router 6 47
Viber-Only Restriction 6 44
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question