10-19-2016 04:08 PM - edited 03-12-2019 01:25 AM
I have set up a DMZ with a web server on a host behind a Cisco ASA 5505 firewall, version 8.2(5).
I set up security levels and can access the web server in the DMZ from the inside VLAN interface (192.168.5.12) and RDP to the host on the outside VLAN interface (192.168.4.1). The DMZ interface is 192.168.6.11. I would like to be able to initiate traffic from the outside host (192.168.4.2) to the DMZ host (192.168.6.13) to access the web server (port 80 traffic). The firewall is not connected to a public IP, so I don't think I need NAT to be able to access the DMZ web server.
Any help would be greatly appreciated.
10-23-2016 02:49 AM
On older code, you should have a static identity NAT to allow this kind of traffic. It will ensure that there is a proper xlate entry all the time.
-
Pulkit
10-23-2016 07:57 AM
My traffic from the inside was not getting through. I ran packet-tracer and NAT was blocking the traffic. I removed the NAT statement and my traffic went through.
I then added an ACL to permit port 80 traffic and applied it to both interfaces, then http a.b.c.d w.x.y.z outside let my web traffic in from the outside.
It's up and running. I will look into xlate.
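The pieces discussed in this thread (a static identity NAT for the DMZ host, an ACL admitting port 80 from the outside host, and a packet-tracer check), written out as an added example in ASA 8.2 syntax. This is not configuration posted by either participant; the interface names `outside` and `dmz`, the ACL name `OUTSIDE_IN`, and the source port 1025 are assumptions.

```cisco
! Added example, ASA 8.2 (pre-8.3) syntax.
! Assumed names: nameif "outside" and "dmz", ACL "OUTSIDE_IN".

! --- global configuration mode ---

! Static identity NAT: the DMZ web server keeps its real address when
! seen from the outside interface, and a permanent xlate entry exists.
static (dmz,outside) 192.168.6.13 192.168.6.13 netmask 255.255.255.255

! Outside is the lower security level, so traffic it initiates toward the
! DMZ needs an explicit permit. Scope it to the one client and TCP/80 only.
access-list OUTSIDE_IN extended permit tcp host 192.168.4.2 host 192.168.6.13 eq www
access-group OUTSIDE_IN in interface outside

! --- privileged EXEC mode: verification ---

! Simulate the flow; each phase (ACL, NAT, route) reports ALLOW or DROP.
! 1025 is a constructed client source port.
packet-tracer input outside tcp 192.168.4.2 1025 192.168.6.13 80

! Confirm the identity translation and watch the ACL hit counter.
show xlate
show access-list OUTSIDE_IN
```

On the ASA, the `http <address> <mask> <interface>` command governs HTTPS/ASDM management access to the firewall itself, so it is worth checking with `show run http` that it is limited to the addresses that should manage the device.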