Setting up a mock DMZ

vesiclife1
Level 1

I have set up a DMZ with a web server on a host behind a Cisco ASA 5505 firewall, version 8.2(5).

I set up security levels and can access the web server in the DMZ from the inside vlan interface (192.168.5.12) and RDP to the host on the outside vlan interface (192.168.4.1). The DMZ interface is (192.168.6.11). I would like to be able to initiate traffic from the outside host (192.168.4.2) to the DMZ host (192.168.6.13) to access the Web Server (port 80 traffic). The firewall is not connected to a public IP so I don't think I need NAT to be able to access the DMZ Web Server.

Any help would be greatly appreciated.

Accepted Solutions

My traffic from the inside was not getting through. I ran packet-tracer and NAT was blocking the traffic. I removed the NAT statement and my traffic went through. 

I then added an ACL to permit port 80 traffic and applied it to both interfaces then http a.b.c.d  w.x.y.z outside let my web traffic in from the outside.

It's up and running. I will look into xlate.


2 Replies

Pulkit Saxena
Cisco Employee

On older code, you should have a static identity NAT to allow this kind of traffic. It will ensure that there is a proper xlate entry all the time.

-

Pulkit
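
The identity static NAT suggested above, combined with a narrowly scoped ACL and a packet-tracer check, as an added example that is not part of the original thread. It assumes ASA 8.2 (pre-8.3) syntax, interfaces named outside and dmz, and a hypothetical ACL name; the addresses are the ones given in the question.

```cisco
! Added example for ASA 8.2 (pre-8.3 NAT syntax).
! Assumptions: nameif "outside" and "dmz"; ACL name OUTSIDE-TO-DMZ-WEB is hypothetical.

! Identity static: the DMZ host keeps its real address when seen from outside,
! which gives the permanent xlate entry the reply refers to.
static (dmz,outside) 192.168.6.13 192.168.6.13 netmask 255.255.255.255

! Permit one source, one destination, one port. Anything else arriving on the
! lower-security outside interface still hits the implicit deny.
access-list OUTSIDE-TO-DMZ-WEB extended permit tcp host 192.168.4.2 host 192.168.6.13 eq www
access-group OUTSIDE-TO-DMZ-WEB in interface outside

! Note: "http <addr> <mask> <interface>" controls ASDM/HTTPS management access
! to the firewall itself, not traffic passing through it to a web server.

! Verify: simulate the flow, then check the translation and the ACL hit count.
packet-tracer input outside tcp 192.168.4.2 1025 192.168.6.13 80
show xlate
show access-list OUTSIDE-TO-DMZ-WEB
```

In the packet-tracer output, the phase that reports a drop names the feature (NAT or ACCESS-LIST) responsible, which is how a blocking NAT statement shows up.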

