https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438477#M268367 <P>Hi ,</P><P>&nbsp;</P><P>Thanks&nbsp; for&nbsp; the reply.&nbsp; The&nbsp; DMZ&nbsp; server is&nbsp; accessable&nbsp; from internet. But&nbsp; still the server&nbsp; unable&nbsp; to access from&nbsp; Inside&nbsp; interface. Encloesd&nbsp; please&nbsp; find&nbsp; my&nbsp; ASA config&nbsp; and&nbsp; help .</P><P>Does&nbsp; it&nbsp; need&nbsp; any&nbsp; routing also.?</P><P>&nbsp;</P><P>Regards,</P><P>Saroj</P> Tue, 18 Mar 2014 07:11:00 GMT saroj pradhan 2014-03-18T07:11:00Z https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438473#M268363 <P>Hi&nbsp; ,</P><P>&nbsp;</P><P>i have&nbsp; created&nbsp; a&nbsp; DMZ&nbsp; Zone&nbsp; on the cisco ASA 5510 Firewall.&nbsp; The&nbsp; DMZ&nbsp; is&nbsp; using public&nbsp; IP Address .</P><P>able&nbsp; to&nbsp; access internet from the DMZ Zone. But&nbsp;&nbsp; unable&nbsp; to&nbsp;&nbsp; access the server from&nbsp; inside to the dmz zone.</P><P>please suggest command&nbsp; to&nbsp; allow&nbsp; access of&nbsp; the inside&nbsp; network&nbsp; to&nbsp; the dmz&nbsp; network,</P><P>&nbsp;</P><P>Regards,</P><P>Saroj</P><P>&nbsp;</P><P>&nbsp;</P><P>Also&nbsp; please suggest&nbsp;&nbsp; allow&nbsp; from&nbsp; internet&nbsp; access the dmz&nbsp; server.</P><P>&nbsp;</P><P>Regards,</P><P>Saroj</P> Tue, 12 Mar 2019 03:56:08 GMT https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438473#M268363 saroj pradhan 2019-03-12T03:56:08Z https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438474#M268364 <OL><LI>If you have an ACL on the inside interface, then you need an ACE for the traffic.</LI><LI>The traffic from inside to the DMZ has to be exempted from NAT. The config-syntax depends on the version of the ASA, but you don't tell us which version you are running.</LI></OL><P>For ASA up to 8.2:</P><P><A href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_bypassing.html#wp1077621">http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_bypassing.html#wp1077621</A></P><P>For ASA 8.3+:</P><P><A href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/nat_rules.html#wp1232160">http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/nat_rules.html#wp1232160</A></P> Thu, 13 Mar 2014 07:12:15 GMT https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438474#M268364 Karsten Iwen 2014-03-13T07:12:15Z https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438475#M268365 Hi , as i am using Public ip address of the server in the DMZ Zone. please suggest command to allow from internet the access of server. Regards, Saroj Thu, 13 Mar 2014 10:39:24 GMT https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438475#M268365 saroj pradhan 2014-03-13T10:39:24Z https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438476#M268366 <P>The following ACL allows any HTTP- and HTTPS-traffic to your DMZ-server (192.0.2.80 in my example):</P><P><CODE>access-list OUTSIDE-IN permit tcp any host 192.0.2.80 eq 80</CODE></P><P><CODE>access-list OUTSIDE-IN permit tcp any host 192.0.2.80 eq 443</CODE></P><P>That ACL needs to be applied to the outside interface:</P><P><CODE>access-group OUTSIDE-IN in interface outside</CODE></P><P>If there is already an ACL on the outside interface, that use that ACL instead.</P> Thu, 13 Mar 2014 12:33:30 GMT https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438476#M268366 Karsten Iwen 2014-03-13T12:33:30Z https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438477#M268367 <P>Hi ,</P><P>&nbsp;</P><P>Thanks&nbsp; for&nbsp; the reply.&nbsp; The&nbsp; DMZ&nbsp; server is&nbsp; accessable&nbsp; from internet. But&nbsp; still the server&nbsp; unable&nbsp; to access from&nbsp; Inside&nbsp; interface. Encloesd&nbsp; please&nbsp; find&nbsp; my&nbsp; ASA config&nbsp; and&nbsp; help .</P><P>Does&nbsp; it&nbsp; need&nbsp; any&nbsp; routing also.?</P><P>&nbsp;</P><P>Regards,</P><P>Saroj</P> Tue, 18 Mar 2014 07:11:00 GMT https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438477#M268367 saroj pradhan 2014-03-18T07:11:00Z https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438478#M268368 <P>Hi,</P><P>&nbsp;</P><P>now&nbsp; i have&nbsp; configured&nbsp; the nat&nbsp; exampt&nbsp; and&nbsp; able&nbsp; to&nbsp; ping&nbsp; the DMZ Server from&nbsp; Inside&nbsp; of&nbsp; the ASA Fireawll&nbsp; but&nbsp; unable&nbsp; to&nbsp; access the Server on&nbsp; port 80.</P><P>please advice.</P><P>Regards,</P><P>Saroj</P> Tue, 18 Mar 2014 10:27:41 GMT https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438478#M268368 saroj pradhan 2014-03-18T10:27:41Z https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438479#M268369 <P>Hi&nbsp; ,</P><P>i am&nbsp; trying&nbsp; to access the web server&nbsp; 122.168.191.226&nbsp;&nbsp; from&nbsp; my PC 172.16.48.111&nbsp; on port&nbsp; but&nbsp; unable&nbsp;&nbsp; to&nbsp; access .i&nbsp; run a&nbsp; command&nbsp; packet-tracer input inside tcp 172.16.48.111 12345 122.168.191.226 80&nbsp; .Encloesd&nbsp; the report&nbsp; and&nbsp; please advice.</P><P>&nbsp;</P><P>Regards,</P><P>Saroj</P><P><BR />&nbsp;</P> Tue, 18 Mar 2014 10:56:45 GMT https://community.cisco.com/t5/network-security/dmz-zone/m-p/2438479#M268369 saroj pradhan 2014-03-18T10:56:45Z