topic If the shares are in an AD in Network Security

File Share access from DMZ server to LAN server

abdelkarim.yousef — Tue, 12 Mar 2019 08:56:01 GMT

I have ASA 5520 with DMZ and LAN networks configured

DMZ security is 50

LAN security is 100

traffic from LAN to DMZ is permitted by default

i want to open file share from DMZ PC to LAN PC

i created access list to test the operation

access-list dmz_in extended permit ip host DMZ_PC host LAN_PC

i was able to ping, RDP LAN_PC from DMZ_PC, but I can't open any file sharing.

LAN_PC has windows server 2008 R2

i tested the operation with another LAN PC (server 2003) and i was able to access anything.

note: file sharing on LAN PC (server 2008) works fine from any LAN PC

Philip D'Ath — Tue, 14 Feb 2017 21:03:34 GMT

Try opening the share via IP address and see what happens.

Philip D'Ath — Tue, 14 Feb 2017 21:04:07 GMT

If the shares are in an AD environment then it will need a lot of access to the AD controllers as well.

abdelkarim.yousef — Wed, 15 Feb 2017 11:12:23 GMT

the Share folder is in AD environment, and i tried to access it via IP but didn't work

Aydin Ehtibarov — Wed, 15 Feb 2017 13:15:46 GMT

Have you any outbound ACL on LAN interface ? what is packet tarcert result for any tcp port ?

try packet-tracer input < inteface name> tcp <dmz_pc> 5678 lan_pc 445

abdelkarim.yousef — Wed, 15 Feb 2017 13:48:27 GMT

the access groups that i have for inbound connections (LAN_in, Out_in, DMZ_in).

i created only an access list without any NAT rule

i tested packet tracer and it was permitted (allowed).