02-14-2017 07:06 AM - edited 03-12-2019 01:56 AM
I have an ASA 5520 with DMZ and LAN networks configured.
DMZ security is 50
LAN security is 100
Traffic from LAN to DMZ is permitted by default.
I want to open a file share from the DMZ PC to the LAN PC.
I created an access list to test the operation:
access-list dmz_in extended permit ip host DMZ_PC host LAN_PC
I was able to ping and RDP to LAN_PC from DMZ_PC, but I can't open any file sharing.
LAN_PC has Windows Server 2008 R2.
I tested the operation with another LAN PC (Server 2003) and I was able to access anything.
Note: file sharing on the LAN PC (Server 2008) works fine from any LAN PC.
02-14-2017 01:03 PM
Try opening the share via IP address and see what happens.
02-15-2017 03:12 AM
The share folder is in an AD environment, and I tried to access it via IP but it didn't work.
02-14-2017 01:04 PM
If the shares are in an AD environment then it will need a lot of access to the AD controllers as well.
02-15-2017 05:15 AM
Have you any outbound ACL on the LAN interface? What is the packet-tracer result for any TCP port?
Try packet-tracer input <interface name> tcp <dmz_pc> 5678 <lan_pc> 445
02-15-2017 05:48 AM
The access groups that I have are for inbound connections (LAN_in, Out_in, DMZ_in).
I created only an access list, without any NAT rule.
I tested packet tracer and it was permitted (allowed).