I have not configured my Cisco ASA to allow the dmz server to be accessed from the outside network. Can anyone please help me with this configuration? I am new to ASA. Please help.
My dmz network is 172.16.0.0/24
My outside network is 18.104.22.168/24
My dmz server address is 172.16.0.100.
I need to access my dmz server from host 22.214.171.124 on the outside network.
I have looked through documents which say I have to configure static(dmz,outside) and an access list. I tried to understand them and I did some configurations, but those didn't work.
Please give me an appropriate configuration so that I can understand well.
So to my understanding you only want to do a Static NAT for your "dmz" server?
And the public IP address you want to use for the "dmz" server is 126.96.36.199
Then you can use this configuration
static (dmz,outside) 188.8.131.52 172.16.0.100 netmask 255.255.255.255
access-list OUTSIDE-IN remark Allow connection to DMZ server
access-list OUTSIDE-IN permit tcp any host 184.108.40.206 eq 80
access-group OUTSIDE-IN in interface outside
The above configuration configures the Static NAT and also the ACL that is attached to the "outside" interface to allow TCP/80 = HTTP from the Internet to the "dmz" server. Naturally you open the services that are needed.
Hopefully this helps
Please remember to mark the reply as the correct answer if it answered your question. And/or rate helpful answers
Ask more if needed
Thanks for the reply, JouniForss.
My problem is still there.
I am including some more details here, please help.
My public IP of the dmz server is 220.127.116.11
static (dmz,outside) 18.104.22.168 172.16.0.100 netmask 255.255.255.255
access-list OUT-IN remark Allow connection to DMZ server
access-list OUT-IN extended permit tcp any host 22.214.171.124 eq www
access-group OUT-IN in interface outside
I used these commands with the help of your post ...
but I still can't access my dmz server from the internet or outside.
I have included the file required for you to understand the topology and configurations, please help.
Referring to the topology image:
I have tried to access the website 126.96.36.199 from 188.8.131.52 (i.e. windows_xp_pro)
You should be able to confirm that the ASA rules are correct with the command "packet-tracer"
You can for example use
packet-tracer input outside tcp 184.108.40.206 12345 220.127.116.11 80
This should tell us what configurations/rules on the ASA are applied to this simulated connection/packet arriving on the ASA
From what I can see there shouldn't really be anything stopping this connection on the ASA. Naturally there can be several issues affecting the connectivity elsewhere.
But try the "packet-tracer" command. It should pretty much tell us if the ASA has any problems related to the attempted connection
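An offline consistency check for the static NAT and ACL pairing discussed in this thread, as an added example that is not part of any post: it confirms that the ACL bound inbound on "outside" permits the same mapped address the static translation publishes. It assumes the pre-8.3 syntax used above, where the interface ACL references the mapped (public) address; the `audit` function is hypothetical and the 203.0.113.x addresses are constructed placeholders.

```python
import re

# Constructed sample config in the pre-8.3 syntax used in this thread.
# 203.0.113.10 is a documentation-range placeholder for the public IP.
GOOD = """\
static (dmz,outside) 203.0.113.10 172.16.0.100 netmask 255.255.255.255
access-list OUTSIDE-IN remark Allow connection to DMZ server
access-list OUTSIDE-IN extended permit tcp any host 203.0.113.10 eq www
access-group OUTSIDE-IN in interface outside
"""
# Same config, but the ACL permits a different address than the static maps.
BAD = GOOD.replace("host 203.0.113.10", "host 203.0.113.99")

STATIC = re.compile(r"^static \((\S+),(\S+)\) (\S+) (\S+) netmask 255\.255\.255\.255")
ACE = re.compile(r"^access-list (\S+) (?:extended )?permit (tcp|udp) any host (\S+) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")

def audit(config, server, port, low_if="outside"):
    """Return findings for inbound access to real IP `server` on `port`."""
    statics, aces, groups = [], [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            statics.append(m.groups())   # (real_if, mapped_if, mapped_ip, real_ip)
        elif m := ACE.match(line):
            aces.append(m.groups())      # (acl, proto, dest_ip, port)
        elif m := GROUP.match(line):
            groups[m.group(2)] = m.group(1)
    mapped = [s[2] for s in statics if s[1] == low_if and s[3] == server]
    if not mapped:
        return [f"no static (x,{low_if}) translation for {server}"]
    acl = groups.get(low_if)
    if acl is None:
        return [f"no access-group bound inbound on {low_if}"]
    # The ASA stores some ports by name, so accept either form.
    ports = {port, {"80": "www", "443": "https"}.get(port, port)}
    if any(a[0] == acl and a[2] == mapped[0] and a[3] in ports for a in aces):
        return []
    dests = sorted({a[2] for a in aces if a[0] == acl})
    return [f"ACL {acl} has no permit to mapped IP {mapped[0]} port {port}; "
            f"it permits hosts {dests}"]

if __name__ == "__main__":
    print(audit(GOOD, "172.16.0.100", "80"))
    print(audit(BAD, "172.16.0.100", "80"))
```

A clean result here only says the NAT and ACL lines agree with each other; "packet-tracer" on the device remains the check for what the ASA actually does with the packet.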