06-27-2012 06:07 AM - edited 03-11-2019 04:23 PM
I have a new ASA 5510 firewall; the objective is to set up a DMZ zone. My problem is that I can't access the web server in the DMZ from outside.
DMZ ==========> outside OK
INSIDE ==========> DMZ OK
DMZ ============> Inside OK
OUTSIDE ==========> DMZ NOK "FAIL"
I have attached the running-config file. Could you help me, please?
06-27-2012 06:28 AM
My guess would be a missing NAT rule from outside to DMZ...
06-27-2012 06:40 AM
Could you give me more information?
I already put a static NAT:
"static (DMZ, outside) tcp interface 7010 10.10.10.2 7010 netmask 255.255.255.255"
06-28-2012 01:02 AM
Hmm, obvious maybe, but is the DMZ server listening on port 7010? Have you turned on debugging? This will help you to see what is going wrong...
06-28-2012 02:50 AM
Hi Willem,
Yes, in the debug level, I see that everything is permitted. I was not blocking.
06-28-2012 02:05 AM
Hi,
You could check your firewall settings (which seem OK though) with the command "packet-tracer" from the CLI.
For example, with the following command:
packet-tracer input
From the output, check especially what the NAT phases of the packet-tracer say.
Also, you can use the graphical user interface ASDM to check the real-time monitor/logging to show what happens to the TCP connection (for example, if the connection is torn down because of SYN timeout or perhaps just TCP Reset).
And if you want to go even deeper, you can create a traffic capture on the ASA's outside interface for this traffic and view the capture in Wireshark, for example, to see what's happening on the connection.
PS. I guess you have changed your configuration a bit, since your attached configuration and the outside interface mentioned in the replies are different (Foptique -> outside)
- Jouni
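The packet-tracer and capture checks suggested above, written out as an added example that is not part of the original posts. It assumes the static rule quoted earlier in the thread (TCP 7010 on the outside interface to 10.10.10.2); 198.51.100.10 is a constructed Internet client and 203.0.113.1 is a placeholder for the real IP address of the outside interface. The capture names are also made up for the example.

```cisco
! Simulate a SYN arriving on the outside interface.
! The destination is the mapped address (the outside interface IP),
! not 10.10.10.2: the trace should show a NAT phase that rewrites
! the destination to 10.10.10.2 and a final "Action: allow".
! If the final action is "drop", the phase with "Result: DROP"
! names the rule (ACL, NAT, route) that stopped the packet.
packet-tracer input outside tcp 198.51.100.10 12345 203.0.113.1 7010 detailed

! Capture the real traffic on both sides of the firewall.
! Outside: packets still carry the mapped address.
capture capout interface outside match tcp any host 203.0.113.1 eq 7010
! DMZ: after translation, packets carry the server's real address.
capture capdmz interface DMZ match tcp any host 10.10.10.2 eq 7010

! Start a connection from an outside client, then compare:
!  - SYN in capout but not in capdmz  -> the ASA is not forwarding it
!  - SYN in capdmz, no SYN-ACK back   -> server not listening, or its
!                                        return route does not point
!                                        at the ASA
!  - nothing in capout                -> traffic never reaches the ASA
show capture capout
show capture capdmz

! Remove the captures when finished.
no capture capout
no capture capdmz
```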
06-28-2012 03:06 AM
Hi
Thank you for your help,
I'll do the test with Packet trace as soon as I return to the office and give you the answer.
Concerning the name of the interface, I changed it in the discussion to be meaningful.