Solved: How to config firewall if accessing from dmz to inside lan - Page 2

riderfaiz · ‎04-11-2013

Hi everyone,

Hope you can help on this.

We have a ASA with IOS 8.44. We just configured a dmz zone. Now we try to access a share of a windows server in INSIDE interface from another windows server in dmz, So on the server in DMZ, I will type \\INSIDE_Server\SharedName (or \\ip_of_inside server\SharedName) to access the share.

On the firewall, I open tcp port 137, 138, 139, and 445 to allow from DMZ to access to Inside server. But I failed. So what do I need to configure so that I can complete my task?

Also, we have some internal DNS in INSIDE interface. How do I make my DMZ server to use the inside DNS servers for dns resolution?

Hope you can help. Thank you!

Takami Chiro

Julio Carvajal · ‎04-12-2013

Hello Bobson,

exactly, what Jouni said is what is need it to allow full communication,

now to test the config you could also run a packet-tracer

packet-tracer input dmz2 tcp 172.20.0.49 1025 10.10.0.9 137

Also remember to rate all of the helpful posts, that is as important as a thanks, let us know if you do not know how

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

riderfaiz · ‎04-12-2013

Hi Jouni and JCarvaja, thank you very much again for your tips. Little overwhelming here... I really appreciate it. At this point, I will be fine. If I need help I will definitely post another question.

I will rate you both too! Have a great weekend!

Takami

Jouni Forss · ‎04-12-2013

Glad to hear (if its indeed working now?)

And likewise!

- Jouni

Julio Carvajal · ‎04-12-2013

Hello,

Glad to hear sr.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC