Help needed. my pc's in HQ and warehouse can't ping the web server.

ruihern10 · ‎08-10-2024

MY PC in HQ and Warehouse can't ping the web server but can ping the dns server. i have configured the dns but can't seem to be able to access the web server using the web browser. what can i do to solve it? or are yall able to help me change the configuration?

Flavio Miranda · ‎08-10-2024

@ruihern10

You are missing routes on the switch in the HQ and route in the router in the DMZ, I am sending you a working file for you to compare.

ruihern10 · ‎08-10-2024

i see you added the default static route on the switch and router. i can now type in the ip address to access the web server but i still can't use the dns name to access. Also, is there any way that the firewall can be configured so that i can add a nameif and configure the right part of the network as my outside network. The end goal is for all the PC inside the network and outside the network to be able to access the DMZ servers.

Flavio Miranda · ‎08-10-2024

The problem is on the firewall. If you create interfaces with different security level, you need to work with ACL to permit the traffic.

For simplicity, I put all the interfaces on the same security level and you can access the google.com from the PC.
I would use interfaces on the firewall instead the vlan and I did not see a reason for using NAT.

ruihern10 · ‎08-10-2024

What ACL do i need to do to fix the problem for the dns without changing the security level?

Flavio Miranda · ‎08-11-2024

You need to use a different firewall. The ASA 5505 does not support 3 interfaces in the way you want. I used the 5506 as you can see.

I create 3 interfaces, inside, outside and DMZ. The firewall assign the security level for you based on this names. Then, you need to have ACL. I did the easy work and allow anything to anything on both interfaces but it is up to you now do the specifics.