Have you any outbound ACL on

abdelkarim.yousef · ‎02-14-2017

I have ASA 5520 with DMZ and LAN networks configured

DMZ security is 50

LAN security is 100

traffic from LAN to DMZ is permitted by default

i want to open file share from DMZ PC to LAN PC

i created access list to test the operation

access-list dmz_in extended permit ip host DMZ_PC host LAN_PC

i was able to ping, RDP LAN_PC from DMZ_PC, but I can't open any file sharing.

LAN_PC has windows server 2008 R2

i tested the operation with another LAN PC (server 2003) and i was able to access anything.

note: file sharing on LAN PC (server 2008) works fine from any LAN PC

Philip D'Ath · ‎02-14-2017

Try opening the share via IP address and see what happens.

abdelkarim.yousef · ‎02-15-2017

the Share folder is in AD environment, and i tried to access it via IP but didn't work

Philip D'Ath · ‎02-14-2017

If the shares are in an AD environment then it will need a lot of access to the AD controllers as well.

Aydin Ehtibarov · ‎02-15-2017

Have you any outbound ACL on LAN interface ? what is packet tarcert result for any tcp port ?

try packet-tracer input < inteface name> tcp <dmz_pc> 5678 lan_pc 445

abdelkarim.yousef · ‎02-15-2017

the access groups that i have for inbound connections (LAN_in, Out_in, DMZ_in).

i created only an access list without any NAT rule

i tested packet tracer and it was permitted (allowed).

File Share access from DMZ server to LAN server