01-04-2022 09:32 AM
I am facing issues connecting a PC from the outside interface to the DMZ interface on a Cisco 5505 ASA firewall. The ICMP ping is successful from the outside PC to the DMZ server, but it fails to establish any TCP connection.
ASA Version 8.4(2)
!
hostname ciscoasa
names
!
interface Ethernet0/0
 switchport access vlan 3
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
 switchport access vlan 2
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.1.6 255.255.255.252
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 10.1.1.1 255.255.255.248
!
interface Vlan3
 no forward interface Vlan1
 nameif DMZ
 security-level 50
 ip address 10.1.1.10 255.255.255.252
!
object network dmz
 host 10.1.1.9
object network inside
 host 10.1.1.5
!
route outside 0.0.0.0 0.0.0.0 10.1.1.2 1
!
access-list icmp_http_ftp extended permit icmp any object inside
access-list icmp_http_ftp extended permit icmp any object dmz
access-list icmp_http_ftp extended permit tcp any object dmz eq www
access-list icmp_http_ftp extended permit tcp any object dmz eq ftp
!
!
access-group icmp_http_ftp in interface outside
object network dmz
 nat (DMZ,outside) static 10.1.1.3
object network inside
 nat (inside,outside) dynamic interface
class-map cmap
 match default-inspection-traffic
!
policy-map pmap
 class cmap
  inspect ftp
  inspect http
  inspect icmp
!
service-policy pmap global
!
telnet timeout 5
ssh timeout 5
Can anyone kindly provide feedback on where I am going wrong?