8141 Views, 0 Helpful, 11 Replies

ASA 5510 DMZ configuration

Amarsanaa_a
Level 1

Dear all,

I'm a newbie in CISCO firewalls. I have a problem with DMZ configuration. Our web server is using an inside IP address and a DMZ IP address, and the port it uses is 83. When I type http://192.168.14:83 from the inside interface I can access the web server. Now I want to enable access from the Internet using the firewall's public IP address (for example http://202.165.200.225:83). Please check the schema below.
http://img546.imageshack.us/img546/8219/191634.jpg

Any help would be appreciated


11 Replies

Jennifer Halim
Cisco Employee

Which version of ASA are you using? And also, is there a typo in the IP address? For the web server DMZ IP address you have 10.10.30.14, however the DMZ interface IP address of the ASA is 10.30.30.1 (they are not in the same subnet). Please kindly advise which is the correct subnet.

Also, I'm assuming that you would like to access the web server from the Internet via its DMZ interface instead of the inside interface, right? Do you have the default gateway on the web server pointing towards the ASA DMZ interface IP address?

ASA version is:

"ASA5510> show version

Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)51"

DMZ web server IP address is 10.30.30.14. I drew it wrong.

I want to access the web server from Inside and Internet. On the web server I manually configured 2 IP addresses and 2 gateways.

So I assume that you would like to use the DMZ IP address for access from the Internet?

If so, then here is the configuration:

static (dmz,outside) tcp interface 83 10.30.30.14 83 netmask 255.255.255.255

Also, on the access-list applied to your outside interface, you will have to add the following (use the name of the access-list that is already applied to the outside interface in place of the placeholder):

access-list <your-outside-acl-name> extended permit tcp any interface outside eq 83

BTW, would applying 2 default gateways on the web server work? Does it detect automatically where the traffic is coming from and send the traffic towards the correct default gateway? Because if traffic is routed from the ASA DMZ towards the web server DMZ interface, and the reply goes outbound from the web server inside interface towards the ASA inside interface, the ASA will drop the packet because of asymmetric routing. Traffic needs to come in and out of the same interface pair as the ASA keeps track of the connection state.

Hope that helps.
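For reference, here is the complete set of ASA statements that the two lines above belong to, as an added example rather than configuration from the thread. It assumes the interface names are "outside" and "dmz", that the outside access-list is called OUTSIDE-IN, and that the web server sits at 10.30.30.14 as stated in the thread; the first form is the 8.0(4) syntax the poster is running, and the second is the equivalent for ASA 8.3 and later, where NAT moved to network objects and the access-list matches the real (untranslated) address instead of the outside interface.

```cisco
! --- ASA 8.0(4): static PAT of outside-interface port 83 to the DMZ host
static (dmz,outside) tcp interface 83 10.30.30.14 83 netmask 255.255.255.255
! Assumed access-list name OUTSIDE-IN; 8.0 ACLs match the translated (outside) address
access-list OUTSIDE-IN extended permit tcp any interface outside eq 83
access-group OUTSIDE-IN in interface outside

! --- Same intent on ASA 8.3+ (object NAT; ACL matches the real DMZ address)
object network WEB-DMZ
 host 10.30.30.14
 nat (dmz,outside) static interface service tcp 83 83
access-list OUTSIDE-IN extended permit tcp any object WEB-DMZ eq 83
access-group OUTSIDE-IN in interface outside
```

Only port 83 is exposed in either form, so anything else the web server listens on stays reachable from the inside and DMZ only; if the host later needs a second published port, add a second static (or service line) rather than widening the permit to any port.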

Sometimes our inside network is down. When I restart the web server, the network comes back. I suspect this problem is related to using 2 gateways on the web server.

My current situation is: all salesmen come to the office and synchronize their data via wireless using http://192.168.14:83. Now when they are out of the office they want to synchronize data via the Internet at http://202.165.200.225:83.

I will test your configuration and let you know.

Appreciate your help

Many Thanks

Amaraa

From my experience, having 2 default gateways might not work.

I would recommend that you configure the default gateway towards the ASA DMZ interface IP address, as this will be used for inbound access from the Internet.

For the inside NIC of the web server, if the wireless IP subnet is also in 192.168.1.0/24 then you don't need to configure a default gateway for that inside NIC, because they are in the same subnet and the server will ARP for the IP address. Otherwise, if your wireless is in a different subnet, then you can configure a static route pointing out of the inside NIC.

Our web server is also sending data over VPN via 192.168.1.14. If I remove the gateway it cannot send data over VPN.

That means:

1st. I need to remove the default gateway of the 192.168.1.0/24 range.

2nd. I need to write a static route on the 192.168.1.0/24 range. Is that correct?

"route add -p 192.168.1.14 mask 255.255.255.255 192.168.1.1"

1st/ Yes, you are correct. You have to remove the default gateway for the 192.168.1.0/24 (inside subnet).

2nd/ No, you don't configure a static route for 192.168.1.0/24 because that is a directly connected subnet. What is your VPN IP pool? You will need to add a route for your VPN IP pool subnet to point to 192.168.1.1.

How do I configure IP pools and the route on the firewall? Please kindly advise me.

Thanks

Amaraa

No, you mentioned that it's also sending traffic towards the VPN, so you would need to find out what the VPN remote LAN subnets are, and configure routes on the web server itself for the VPN remote LAN subnets pointing towards the firewall inside interface.

I think this is the remote VPN address. Now how do I configure the route on the web server?

Thanks

Amaraa

route add -p 10.2.16.0 mask 255.255.254.0 192.168.1.1

route add -p 10.2.2.0 mask 255.255.255.0 192.168.1.1

route add -p 10.2.5.0 mask 255.255.255.0 192.168.1.1

route add -p 166.166.0.0 mask 255.255.0.0 192.168.1.1
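The reason the thread ends with a single default gateway on the DMZ NIC plus static routes for the VPN subnets via the inside gateway is the asymmetric-routing drop described earlier: a reply that leaves the server through a different NIC than the request arrived on reaches the ASA on the wrong interface pair and is discarded as unknown state. The following Python script is an added example (not from the thread or from Cisco) that models the web server's two NICs and its routing table, then checks for each client whether the reply would leave through the same NIC the request came in on. The /24 masks on both NICs, the ASA inside gateway 192.168.1.1 and DMZ gateway 10.30.30.1, and the sample client addresses are assumptions; the four VPN subnets are the ones from the accepted answer above.

```python
import ipaddress

# Constructed topology from the thread: the web server has one NIC on the inside
# LAN and one on the DMZ. The /24 masks are assumptions.
NICS = {
    "inside": ipaddress.ip_interface("192.168.1.14/24"),
    "dmz": ipaddress.ip_interface("10.30.30.14/24"),
}

# Remote VPN LAN subnets from the accepted answer, each pinned to the ASA inside
# interface, exactly as the "route add -p ..." lines do on Windows.
VPN_STATIC_ROUTES = [
    ("10.2.16.0/23", "192.168.1.1"),
    ("10.2.2.0/24", "192.168.1.1"),
    ("10.2.5.0/24", "192.168.1.1"),
    ("166.166.0.0/16", "192.168.1.1"),
]


def nic_for_gateway(gw):
    """A next hop is only usable through the NIC whose subnet contains it."""
    gw = ipaddress.ip_address(gw)
    for name, iface in NICS.items():
        if gw in iface.network:
            return name
    raise ValueError(f"gateway {gw} is not on any directly connected subnet")


def build_table(default_gateways, static_routes=()):
    """Return a routing table as (network, egress NIC) entries.

    default_gateways: next hops for 0.0.0.0/0; passing two of them models the
    original "two default gateways" setup from the thread.
    """
    table = [(iface.network, name) for name, iface in NICS.items()]
    for prefix, gw in static_routes:
        table.append((ipaddress.ip_network(prefix), nic_for_gateway(gw)))
    for gw in default_gateways:
        table.append((ipaddress.ip_network("0.0.0.0/0"), nic_for_gateway(gw)))
    return table


def egress_nic(table, dst):
    """Longest-prefix match. On a tie (two default routes) the first entry wins,
    which is exactly the order-dependent behaviour that makes two default
    gateways unreliable."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, nic in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nic)
    return best[1] if best else None


def check_symmetry(table, flows):
    """flows: (client_ip, NIC the request arrived on).
    Returns {client_ip: (egress NIC of the reply, symmetric?)}."""
    result = {}
    for client, ingress in flows:
        egress = egress_nic(table, client)
        result[client] = (egress, egress == ingress)
    return result


# Constructed sample flows: an Internet client delivered to the DMZ NIC by the
# ASA static PAT, a wireless LAN client, and a remote-VPN client whose traffic
# the ASA hands to the inside NIC.
FLOWS = [
    ("203.0.113.7", "dmz"),
    ("192.168.1.50", "inside"),
    ("10.2.16.25", "inside"),
]


def original_setup():
    # Two default gateways, inside listed first, no static routes.
    return check_symmetry(build_table(["192.168.1.1", "10.30.30.1"]), FLOWS)


def fixed_setup():
    # Single default gateway via the DMZ, VPN subnets routed via the inside ASA.
    return check_symmetry(build_table(["10.30.30.1"], VPN_STATIC_ROUTES), FLOWS)


if __name__ == "__main__":
    for label, res in (("two default gateways", original_setup()),
                       ("dmz default + static routes", fixed_setup())):
        print(label)
        for client, (egress, ok) in res.items():
            state = "ok" if ok else "ASYMMETRIC (ASA would drop the reply)"
            print(f"  reply to {client:<13} leaves via {egress:<6} {state}")
```

With two default routes the Internet client's reply leaves through whichever default happens to sort first (here the inside NIC), so the ASA sees the return traffic on the inside interface for a connection it built on the dmz/outside pair and drops it; with the single DMZ default plus the four static routes every flow replies through the NIC it arrived on. The same check can be repeated against the live table by pasting the server's actual route entries into the static-route list.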
