Re: DMZ and firewall configuration

urbain58.gu@gmail.com · ‎02-12-2022

I am a beginner at using Cisco packet tracer, and part of my assignment is a network structure that has a DMZ in it and a firewall of course protecting it. the configuration of this firewall is a bit complicated for me since i have 2 servers in the DMZ. I am stuck on the Nat configuration after assigning the routing. Any help on this would be appreciated.

Amine ZAKARIA · ‎02-12-2022

Hello,

Need more info, please share the packet tracer lab file with the addressing/NAT.

Regards!

urbain58.gu@gmail.com · ‎02-12-2022

I did not set the addressing I am clueless on whether to use the domain name system server or web server or if both should be used.

It also has glitches somewhere in it since i can't ping from the inside to the routers attached to the firewall.

Amine ZAKARIA · ‎02-12-2022

Hello,

I have checked the packet tracer file, and i have seen some points:
-You miss configured the interface between ASA and LAN router they are not on same network.
-You need two static routes on ASA to identify from where the LAN network coming from:
route inside 192.168.1.0 255.255.255.0 LAN-ROUTER-IP
route inside 192.168.3.0 255.255.255.0 LAN-ROUTER-IP
-Your default gateway on ASA is incorrect it should be :
route outside 0.0.0.0 0.0.0.0 209.165.200.225 not the 255
-The version 8.0.0 of PT i have tested with likely hitting a nat bug on the ASA, but your nat config seems correct for me only you need to add the subnet 192.168.3.0 into nat too.

You better test with another simulator like eve-ng or GNS3, packet tracer is limited in term of commands

-----------------------------
Don't forget to rate helpful posts!

Regards