Solved

Asa 5505 DMZ web server access to Lan web server

Posted on 2015-01-22
2
59 Views
Last Modified: 2015-09-09
Hi, I have followed this exsample (pasted below), and now my hosts on the lan can speak to a server on my DMZ, and the DMZ can speak with the internet. All good.

But I need my dmz server so be able to reach an internal server on the lan 10.25.100.18 (port 80). What are I missing? Some kind of access-list I guest? The ASA has the "dmz license" so it's not that.


The short config with my config.

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.25.100.0 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 192.168.100.0 255.255.255.0


access-list dmznat extended permit ip 10.25.100.0 255.255.255.0 192.168.100.0 255.255.255.0

global (DMZ) 1 interface
nat (inside) 1 access-list dmznat


Tia!

LHC
0
Comment
Question by:melfarit
  • 2
2 Comments
 
LVL 5

Expert Comment

by:Feroz Ahmed
ID: 40564626
Hi,

You will have define Policy on ASA in order to reach host on Lan as below :

ASA#(config-t)
ASA(config-t)#policy-map group policy
ASA(config-t)#Classinspection_default
ASA(config-t)#inspect ICMP

Once the above is configured you can will reach host from DMZ.
0
 
LVL 5

Accepted Solution

by:
Feroz Ahmed earned 500 total points
ID: 40594293
Hi,

You can define access-list as below as you want to communicate from DMZ to Inside network ,the below access-list configuration will work out.

ASA#access-list 101 permit DMZ in or inside
ASA#access-group 101 in interface DMZ

The above configuration will work just try and update me.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question