08-10-2024 01:45 PM - last edited on 08-10-2024 03:15 PM by rupeshah
MY PC in HQ and Warehouse can't ping the web server but can ping the dns server. i have configured the dns but can't seem to be able to access the web server using the web browser. what can i do to solve it? or are yall able to help me change the configuration?
08-10-2024 02:31 PM
You are missing routes on the switch in the HQ and route in the router in the DMZ, I am sending you a working file for you to compare.
08-10-2024 03:07 PM
i see you added the default static route on the switch and router. i can now type in the ip address to access the web server but i still can't use the dns name to access. Also, is there any way that the firewall can be configured so that i can add a nameif and configure the right part of the network as my outside network. The end goal is for all the PC inside the network and outside the network to be able to access the DMZ servers.
08-10-2024 05:50 PM
The problem is on the firewall. If you create interfaces with different security level, you need to work with ACL to permit the traffic.
For simplicity, I put all the interfaces on the same security level and you can access the google.com from the PC.
I would use interfaces on the firewall instead the vlan and I did not see a reason for using NAT.
08-10-2024 07:43 PM
What ACL do i need to do to fix the problem for the dns without changing the security level?
08-11-2024 05:32 AM
You need to use a different firewall. The ASA 5505 does not support 3 interfaces in the way you want. I used the 5506 as you can see.
I create 3 interfaces, inside, outside and DMZ. The firewall assign the security level for you based on this names. Then, you need to have ACL. I did the easy work and allow anything to anything on both interfaces but it is up to you now do the specifics.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide