11-24-2009 09:41 AM - edited 03-11-2019 09:42 AM
Hi,
I set up a DMZ on an ASA 5505 and left the security level at 50. When I tried to test connectivity to the Internet, it wouldn't allow traffic to the Internet. Can someone please tell me how to fix this issue? Does security level 50 disable port 80?
Thanks in advance,
SK
11-24-2009 09:46 AM
The only significance of the security level is whether it is higher, lower or the same as other interfaces it wishes to talk to. For a DMZ, 50 is fine.
You should look at:
NAT - "show run nat", "show run global" - assuming it's a private IP range on the DMZ.
Access-lists - "show run access-group", "show run access-list"
and default route out the outside interface - "show route".
11-24-2009 01:49 PM
SK, in addition to the previous poster: specifically, you need to allow outbound traffic for the dmz. Also ensure the dmz hosts have proper DNS.
i.e.
access-list dmz_access_in extended permit ip any any
access-group dmz_access_in in interface dmz
Or, if just port 80 and FTP only, then:
access-list dmz_access_in permit tcp any any eq 80
access-list dmz_access_in permit tcp any any eq 21
Check NAT for the dmz network via the outbound outside global interface:
global (outside) 1 interface
nat (dmz ) 1
Regards
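The three checks suggested in the replies (nat/global pairing, the ACL bound to the dmz interface, and the default route) can be run over saved "show run" output. This is an added example, not part of the original thread; it assumes the pre-8.3 ASA syntax used in the posts, and the sample config, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in pre-8.3 ASA syntax; names and addresses are assumptions.
SAMPLE_CONFIG = """\
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
nat (dmz) 1 192.168.2.0 255.255.255.0
access-list dmz_access_in extended permit ip any any
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
"""

def _ids(lines, keyword, nameif, tail):
    """Collect NAT ids from 'nat (if) ID ...' or 'global (if) ID ...' lines."""
    pat = re.compile(rf"{keyword} \(\s*{re.escape(nameif)}\s*\) (\d+){tail}")
    return {m.group(1) for line in lines if (m := pat.match(line))}

def check_dmz_outbound(config, dmz="dmz", outside="outside"):
    """Return findings as 'FAIL: ...' or 'WARN: ...' strings; empty means clean."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []

    # 1. NAT: a dmz nat rule (with a source network) needs a global on the
    #    outside interface carrying the same id.
    nat_ids = _ids(lines, "nat", dmz, r" \S+")
    if not nat_ids & _ids(lines, "global", outside, r" \S+"):
        findings.append(f"FAIL: no nat ({dmz}) rule paired with a global ({outside}) id")

    # 2. ACL: once an access-group is bound inbound, its implicit deny applies.
    bound = [m.group(1) for line in lines
             if (m := re.match(rf"access-group (\S+) in interface {re.escape(dmz)}$", line))]
    for acl in bound:
        entries = [l for l in lines if l.startswith(f"access-list {acl} ")]
        if not any(" permit " in e for e in entries):
            findings.append(f"FAIL: {acl} has no permit entry, all {dmz} traffic is dropped")
        if any(e.endswith("permit ip any any") for e in entries):
            findings.append(f"WARN: {acl} permits ip any any, which also matches "
                            f"traffic from {dmz} toward inside networks")

    # 3. Default route out of the outside interface.
    if not any(re.match(rf"route {re.escape(outside)} 0\.0\.0\.0 0\.0\.0\.0 \S+", l) for l in lines):
        findings.append(f"FAIL: no default route via {outside}")
    return findings

if __name__ == "__main__":
    for finding in check_dmz_outbound(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
```

A nat line with no source network after the id, such as "nat (dmz ) 1", is reported as a missing NAT rule.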