
Issue accessing published application via DMZ (possible NAT issue)

mverroya12
Level 1

I'm having an issue accessing the published application in the DMZ via ASA2 at DC2. See screenshot below.

I have no issue accessing any DMZ application via ASA1. 

No problem accessing any application in ASA1 at DC1. 

Communication is fine, I can ping 10.x.0.5 from both DC1 and DC2 and from ASA1 and ASA2. 

 

At ASA1 I configured HTTPS for the outside interface; routing is OK, plus NAT like this:

access-list outside_access_in line 51 extended permit tcp any host 10.x.0.5 eq https

route 10.0.0.0/8 via Core 1 at DC1

object network 10.x.0.5
 host 10.x.0.5
 nat (inside,outside) static x.x.x.x service tcp https https

 

 

ASA2 

[allow any traffic from ASA1 to access DMZ 10.x.0.5]

access-list inside_access_in line 2 extended permit tcp any host 10.x.0.5 eq https

nat (any,dmz) source static any any destination static 10.x.0.5 10.x.0.5 no-proxy-arp route-lookup

route 0.0.0.0 0.0.0.0 to ASA1 (DC1)

 

Is there anything I missed here? I believe this is a NAT issue. Any suggestions on the best approach in this scenario?


dmz-dc2.PNG

 

1 Reply

Dennis Mink
VIP Alumni

Run a packet capture on your ASA2 and see if traffic to your DMZ2 is actually arriving at the ASA2.

Please remember to rate useful posts, by clicking on the stars below.
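
One way to read the captures suggested in the reply above, as an added example that is not part of the thread: take the text of one capture on the interface facing the clients and one on the interface facing the DMZ server, and report where the HTTPS handshake stops. It assumes the tcpdump-style packet lines that `show capture` prints; the function names, the sample lines and the addresses (10.9.0.5 standing in for the redacted 10.x.0.5) are constructed for illustration.

```python
import re

# One packet line of tcpdump-style capture text:
#   "<n>: <time> [vlan tag] <src>.<sport> > <dst>.<dport>: <flags> ..."
PKT = re.compile(r"^\s*\d+:\s+\S+\s+(?:.*?\s)?"
                 r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\S+)")

def summarize(capture_text, server_ip, port=443):
    """Count client SYNs to the server and SYN-ACKs coming back from it."""
    counts = {"syn": 0, "synack": 0}
    for line in capture_text.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # headers, "N packets captured", blank lines
        src, sport, dst, dport, flags = m.groups()
        has_ack = " ack " in line[m.end():]
        if "S" not in flags:
            continue  # only the handshake packets matter here
        if dst == server_ip and int(dport) == port and not has_ack:
            counts["syn"] += 1
        elif src == server_ip and int(sport) == port and has_ack:
            counts["synack"] += 1
    return counts

def diagnose(ingress_text, egress_text, server_ip, port=443):
    """Compare the capture facing the clients with the one facing the server."""
    ing = summarize(ingress_text, server_ip, port)
    egr = summarize(egress_text, server_ip, port)
    if ing["syn"] == 0:
        return "NOT_ARRIVING"          # fix routing/NAT upstream of this firewall
    if egr["syn"] == 0:
        return "DROPPED_ON_FIREWALL"   # ACL, NAT or route lookup on this firewall
    if egr["synack"] == 0:
        return "NO_SERVER_REPLY"       # server down, or its reply takes another path
    if ing["synack"] == 0:
        return "REPLY_NOT_RETURNED"    # reply reached the firewall but was not sent back
    return "HANDSHAKE_OK"

# Constructed sample: 10.9.0.5 stands in for the redacted 10.x.0.5 server,
# 198.51.100.7 for a client. SYN retries on the inside, nothing on the dmz side.
INSIDE_CAP = """2 packets captured
   1: 10:12:01.120001       198.51.100.7.51234 > 10.9.0.5.443: S 1000:1000(0) win 8192 <mss 1460>
   2: 10:12:04.120950       198.51.100.7.51234 > 10.9.0.5.443: S 1000:1000(0) win 8192 <mss 1460>
2 packets shown"""
DMZ_CAP = "0 packet captured\n0 packet shown"

if __name__ == "__main__":
    print(diagnose(INSIDE_CAP, DMZ_CAP, "10.9.0.5"))
```

A `NOT_ARRIVING` result points back at the path before ASA2, while `DROPPED_ON_FIREWALL` points at the ACL, NAT rule or route on ASA2 itself.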
