Unable to browse and ping web server

geoff
Level 1

Hi,

I am having trouble trying to configure our ASA 5510, which we would like to use to host our servers within a DMZ.

Packet-tracer doesn't fail and indicates flow is correct.

Details about the ASA 5510:

Cisco Adaptive Security Appliance Software Version 9.1(7)
Device Manager Version 7.5(2)153

Config:

hostname SY3FW1
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 172.16.1.90 255.255.255.0
 no shutdown
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 no shutdown
!
interface Ethernet0/2
 nameif imm
 security-level 50
 ip address 172.16.99.1 255.255.255.0
 no shutdown
!
interface Ethernet0/3
 nameif dmz
 security-level 50
 ip address 172.16.50.1 255.255.255.0
 no shutdown
!
object network inside-subnet
 subnet 192.168.1.0 255.255.255.0
object network dmz-subnet
 subnet 172.16.50.0 255.255.255.0
object network webserver
 host 172.16.50.1
object network webserver-external-ip
 host 172.16.1.70
!
access-list outside_acl extended permit tcp any object webserver eq https
access-list dmz_acl extended deny ip any object inside-subnet
access-list dmz_acl extended permit ip any any
!
object network inside-subnet
 nat (inside,outside) dynamic interface
object network dmz-subnet
 nat (dmz,outside) dynamic interface
object network webserver
 nat (dmz,outside) static webserver-external-ip
object-group HTTPS_Server
 host 172.16.50.1
 nat (dmz,outside) static 172.16.1.70 service tcp https https
!
access-group outside_acl in interface outside
access-group dmz_acl in interface dmz
!
route outside 0.0.0.0 0.0.0.0 172.16.1.1 1
!
policy-map global_policy
 class inspection_default
  inspect icmp

Am I doing something wrong?

Any feedback would be very much appreciated!

Cheers