Solved

Asa 5505 DMZ web server access to Lan web server

Posted on 2015-01-22
2
61 Views
Last Modified: 2015-09-09
Hi, I have followed this exsample (pasted below), and now my hosts on the lan can speak to a server on my DMZ, and the DMZ can speak with the internet. All good.

But I need my dmz server so be able to reach an internal server on the lan 10.25.100.18 (port 80). What are I missing? Some kind of access-list I guest? The ASA has the "dmz license" so it's not that.


The short config with my config.

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.25.100.0 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 192.168.100.0 255.255.255.0


access-list dmznat extended permit ip 10.25.100.0 255.255.255.0 192.168.100.0 255.255.255.0

global (DMZ) 1 interface
nat (inside) 1 access-list dmznat


Tia!

LHC
0
Comment
Question by:melfarit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 5

Expert Comment

by:Feroz Ahmed
ID: 40564626
Hi,

You will have define Policy on ASA in order to reach host on Lan as below :

ASA#(config-t)
ASA(config-t)#policy-map group policy
ASA(config-t)#Classinspection_default
ASA(config-t)#inspect ICMP

Once the above is configured you can will reach host from DMZ.
0
 
LVL 5

Accepted Solution

by:
Feroz Ahmed earned 500 total points
ID: 40594293
Hi,

You can define access-list as below as you want to communicate from DMZ to Inside network ,the below access-list configuration will work out.

ASA#access-list 101 permit DMZ in or inside
ASA#access-group 101 in interface DMZ

The above configuration will work just try and update me.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cannot connect to wireless using RADIUS 16 86
Server 2012 R2 Radius server and Cisco AP 7 67
Changing VLAN information 3 48
upgrade Cisco Aironet AP 3 42
When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question