Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
857577
Views
0
Helpful
4
Replies

ASA 5510 , can not access the server in DMZ from outside

Muhammad Azhar
Level 1
Level 1

‎08-06-2011 01:58 PM - edited ‎03-11-2019 02:08 PM

Hi Every one,

I get stuck in a problem, i need your help in this regard.

Scenior is very simple ---->   Inside-Pc----->Switch 3560----->(inside) ASA5510 (outside)------>ISP

                                                                                                                |

                                                                                                                |

                                                                                                           DMZ Server

My configuration is of ASA is

access-list TEST permit ip any host x.x.x.x   (where x.x.x.x is my live IP to access server in DMZ)

access-group TEST in interface outside

static (dmz,outside) x.x.x.x 192.168.2.2          (where x.x.x.x is Live IP, the same i mention in my ACL TEST)

route outside 0.0.0.0 0.0.0.0 x.x.x.y   (where x.x.x.y is my ISP ...default route to ISP).

interface eth0/0

des Connected to ISP

ip add x.x.x.x 255.255.225.248

nameif outside

security-level 0

no sh

interface eth0/1

des *****INSIDE*********

nameif inside

ip add 10.10.10.1 255.255.255.252

security-level 100

no sh

interface eth0/2

des *******DMZ******

nameif dmz

security-level 50

no sh

ip add 192.168.2.1 255.255.255.0

When i use the ASA we can access the server in dmz from internt, but when we use the router 2800  ( on which i have use some static mapping for same server)  then it work fine. My DMZ machine can ping the ASA dmz interface and vice versa.

I have even test the same on GNS3 and it working.

What can be the reason for not working my config or any other reason that can be ..............your response will be appreciated.

Labels:
0 Helpful
4 Replies 4

varrao
Level 10
Level 10

‎08-06-2011 09:04 PM

Hi Muhammad,

Can you run thisd packet tracer and give me the output:

packet-tracer input outside tcp 1.1.1.1 2345 xx.xx.xx.xx 80 detailed

this would help in identifying, moreover, take captures:

https://supportforums.cisco.com/docs/DOC-1222

Hope this helps,

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

NAGISWAREN2
Level 1
Level 1

‎08-11-2011 07:58 PM

Have DMZ access-list allow DMZ host to reach external?

eq

access-lest dmz-in permit ip host 192.168.2.2 any

access-group dmz-in dmz in

And is the service (which you trying to aceess the server) has been enabled for inspection in global service policy?

Regards, Nagis
0 Helpful

jurgendendas
Level 1
Level 1

‎08-12-2011 01:55 AM

Hello

What OS are you running?

Kind regards

0 Helpful

Muhammad Azhar
Level 1
Level 1
In response to jurgendendas

‎09-05-2011 04:15 AM

All, Thanks for your response.

Problem was sort out. Actually the problem was at service provider side.Configuration was fine and now working.

Regards

Date: Fri, 12 Aug 2011 02:56:48 -0600

From: supportforums-donotreply@jivesoftware.com

To: azharafp@hotmail.com

Subject: - Re: ASA 5510 , can not access the server in DMZ from outside

Cisco Support Community

Re: ASA 5510 , can not access the server in DMZ from outside

created by jurgen Dendas in Firewalling - View the full discussion

Hello What OS are you running? Kind regards

Reply to this message by going to Cisco Support Community

Start a new discussion in Firewalling at Cisco Support Community

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card