web server cant be reachable from internet in dmz on ASA 5525
Yesterday I tried to set a DMZ on Cisco ASA 5525
And i have a server in DMZ already with 192.168.10.20
I have also a public IP of 188.8.131.52 from my ISP
So when i hit the ISP IP via internet to access my web server in DMZ it gives me an error that :
The request URL could not be retrieved
But when i place my PC in the middle of ISP and my firewall hit the same public IP i can reach my web server via HTTP port
i have done all my configs including NAT and ACCESS-LIST
How can i resolve this ??
the down are my configurations
interface Gigabit Ethernet/2 name if DMZ security-level 50 IP address 192.168.10.2 255.255.255.0 ! interface Gigabit Ethernet/3 name-if OUTSIDE security-level 0 IP address 184.108.40.206 255.255.255.248 !
object network Web Server host 192.168.10.20 object network Web Global host 220.127.116.11 access-list OUTSIDE_access_in extended permit tcp any object Web Server eq WWW access-list OUTSIDE_access_in extended permit tcp any object Web Server eq https access-list OUTSIDE_access_in extended permit icmp any object Web Server echo pager lines 24 mtu DMZ 1500 mtu OUTSIDE 1500 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 no arp permit-nonconnected nat (OUTSIDE,DMZ) source static any any destination static WebGlobal WebServer access-group OUTSIDE_access_in in interface OUTSIDE route OUTSIDE 0.0.0.0 0.0.0.0 18.104.22.168 1
Gartner has once again named Cisco a Leader in the Magic Quadrant for Network Firewalls. This distinction recognizes Cisco's ingenuity in redefining the firewall as the basis for an integrated security platform.
Find out how Cisco stands out from the comp...
Hi experts,I would like any suggestions on this topology. We are is the middle of replacing our old ASA5520 with the new FirePower. Our current firewall terminate our IPsec tunnels and the GRE is terminated on the first inside router's loopback on the sec...
Hi All, A customer wants to authenticate Anyconnect VPN users from an ASA using the client installed certificate and then with AD. i.e. Is this a corporate device?Would we recommend authenticating the cert on the ASA then passing the AD check to ISE ...
Hello Team, we are getting alert in FMC stating policy deployment failed, we are running on 6.2.0 version and not sure which version is stable version to re mediate this issue, in one event i have seen restart will resolve this issue but is it perman...
Threat Hunting 101
In the latest Cisco Cybersecurity report, we explore all there is to know about threat hunting and provide a how-to guide for creating a threat hunting team.
Here are some of th...