12-02-2016 10:14 PM - edited 03-12-2019 01:37 AM
Community,
I attempted to configure a web server in the DMZ using a separate public address than the one on my outside interface, provided by the ISP-conforming with:
The configuration was tested with packet tracer and it checked out well for all addresses. However rea connection could not be established to the webserver.
ASA version: 9.1(2)
ASDM version: 7.1(3)
please what aspect of my configuration will you like to check to support?
Thank you
12-05-2016 12:09 PM
If packet-tracer is succeeding then things on the ASA are probably OK since packet-tracer checks for ACLs, NAT, routing, etc. Where are those DMZ hosts located? Are they directly connected to the ASA or they running behind another device that is connected to the ASA?
If you have an extra hop/device on the network then I would suggest you check routing, ACLs, aprp, etc on that segment on the network.
I hope this helps!
Thank you for rating helpful posts!
12-06-2016 12:00 AM
Thank you Nevo. There is just a single host in the DMZ directly connected to the ASA. The service on the desired port is reachable from the INSIDE, however to reach it from the OUTSIDE is the issue.I have a designated public address translated to reach this host.
12-05-2016 05:50 PM
Do you have arp permit-nonconnected enabled?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide