Public server unreachable in the DMZ

Community,

I attempted to configure a web server in the DMZ using a separate public address than the one on my outside interface, provided by the ISP, conforming with:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113425-asdm-pub-server-00.html

The configuration was tested with packet tracer and it checked out well for all addresses. However, a real connection could not be established to the web server.

ASA version: 9.1(2)

ASDM version: 7.1(3)

Please, what aspect of my configuration would you like to check to support?

Thank you

3 Replies

nspasov
Cisco Employee

If packet-tracer is succeeding then things on the ASA are probably OK, since packet-tracer checks for ACLs, NAT, routing, etc. Where are those DMZ hosts located? Are they directly connected to the ASA, or are they running behind another device that is connected to the ASA?

If you have an extra hop/device on the network then I would suggest you check routing, ACLs, ARP, etc. on that segment of the network.

I hope this helps!

Thank you for rating helpful posts!

Thank you Nevo. There is just a single host in the DMZ directly connected to the ASA. The service on the desired port is reachable from the INSIDE; however, to reach it from the OUTSIDE is the issue. I have a designated public address translated to reach this host.

Collin Clark
VIP Alumni

Do you have arp permit-nonconnected enabled?
