07-02-2023 12:03 AM
Hi guys,
I can't seem to allow my inside subnet to surf the web server in the DMZ, but my outside subnet is able to access my web server in the DMZ.
access-list allow-web_inside extended permit tcp host 192.146.2.162 any eq www
access-list allow-web_inside extended permit tcp host 192.146.2.162 any eq 443
access-list allow-web_inside extended permit tcp any host 192.146.2.162 eq www
access-list allow-web_inside extended permit tcp any host 192.146.2.162 eq 443
access-list allow-web_inside extended permit tcp any any eq www
access-list allow-web_inside extended permit tcp any any eq 443
access-list allow-web_inside extended permit ip any any
I've tried all this but it doesn't seem to work.
It only works when I put
access-list internal-access-acl extended permit ip any any
But doesn't this allow everything to go into my internal network? How come my outside can't go into my internal network?
07-02-2023 03:11 PM
Are you NATing the inside network to the webserver?
Check your DNS that you are resolving to the private IP of the web server.
Do a packet-tracer from the inside network to the DMZ web server on the ASA5506 to verify connectivity on ports tcp/443 and tcp/80.
07-02-2023 03:13 PM
Do you use the real IP or the mapped IP of the web server? Flip it and check if it works.
07-02-2023 03:51 PM
Where did you apply the ACL allow-web_inside?
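The checks asked for in the replies above, written out as ASA CLI commands. This is an added example, not part of any post in the thread. Assumptions: the interface is named `inside`, the test client is the constructed address 10.0.0.10 with constructed source port 12345, and 192.146.2.162 from the posted ACL is the web server address being tested (substitute the real or mapped address as appropriate).

```cisco
! Show which ACL is bound to which interface and in which direction.
! An access-list only filters traffic once an access-group references it.
show running-config access-group

! Show per-entry hit counts for the ACL from the original post.
! Entries that stay at hitcnt=0 during a test are not matching the traffic.
show access-list allow-web_inside

! Show the NAT rules, to see whether inside hosts should target the
! real or the mapped address of the DMZ server.
show running-config nat

! Simulate an inside client opening HTTPS and HTTP to the web server.
! The output lists each phase (ROUTE-LOOKUP, ACCESS-LIST, NAT, ...) and
! names the phase and rule that drops the packet, if any.
packet-tracer input inside tcp 10.0.0.10 12345 192.146.2.162 443 detailed
packet-tracer input inside tcp 10.0.0.10 12345 192.146.2.162 80 detailed
```

If the packet-tracer result ends in `Action: drop`, the `Drop-reason` line and the last phase shown identify whether the ACL, NAT or routing is responsible.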