Solved

Asa 5505 DMZ web server access to Lan web server

Posted on 2015-01-22
2
55 Views
Last Modified: 2015-09-09
Hi, I have followed this exsample (pasted below), and now my hosts on the lan can speak to a server on my DMZ, and the DMZ can speak with the internet. All good.

But I need my dmz server so be able to reach an internal server on the lan 10.25.100.18 (port 80). What are I missing? Some kind of access-list I guest? The ASA has the "dmz license" so it's not that.


The short config with my config.

interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.25.100.0 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 192.168.100.0 255.255.255.0


access-list dmznat extended permit ip 10.25.100.0 255.255.255.0 192.168.100.0 255.255.255.0

global (DMZ) 1 interface
nat (inside) 1 access-list dmznat


Tia!

LHC
0
Comment
Question by:melfarit
  • 2
2 Comments
 
LVL 5

Expert Comment

by:Feroz Ahmed
ID: 40564626
Hi,

You will have define Policy on ASA in order to reach host on Lan as below :

ASA#(config-t)
ASA(config-t)#policy-map group policy
ASA(config-t)#Classinspection_default
ASA(config-t)#inspect ICMP

Once the above is configured you can will reach host from DMZ.
0
 
LVL 5

Accepted Solution

by:
Feroz Ahmed earned 500 total points
ID: 40594293
Hi,

You can define access-list as below as you want to communicate from DMZ to Inside network ,the below access-list configuration will work out.

ASA#access-list 101 permit DMZ in or inside
ASA#access-group 101 in interface DMZ

The above configuration will work just try and update me.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco 2960 port led all amber 5 72
Cisco Any Connect Client 5 36
ASA - RV130 VPN tunnel, cannot pass traffic 8 48
ASA to pfsense IPSec site to site tunnel 17 46
This is about downgrading PIX Version 8.0(4) & ASDM 6.1(5) to PIX 7.2(4) and ASDM 5.2(4) but with only 64MB RAM and 16MB flash. Background: You have a Cisco Pix 515E which was running on PIX 7.2(4) and its supporting ASDM 5.2(4) without any i…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now