General discussion

Locked

Cisco ASA DMZ Configuration

By Karmcsa ·
Hi All,

I have configured a webserver in DMZ in our cisco asa 5510 series.

The problem I am facing is from the web server I am not able to access the internet rest everything is working fine.

The below is my configuration.
webserver IP : 192.168.88.90
Interface:

OUTSIDE Our static IP
Inside 192.168.99.0
dmz 192.168.88.0

static (INSIDE,DMZ) 192.168.99.0 192.168.99.0 netmask 255.255.255.0

access-list ntldmz extended permit tcp host 192.168.88.90 any eq www

access-group ntldmz in interface DMZ
acess-group 120 in interface outside
static (DMZ,OUTSIDE) x.x.x.x 192.168.88.90 netmask 255.255.255.255


access-list 120 extended permit tcp any host x.x.x.x eq www

This conversation is currently closed to new comments.

1 total post (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Access-list

by NetMan1958 In reply to Cisco ASA DMZ Configurati ...

Using this access-list:
access-list ntldmz extended permit tcp host 192.168.88.90 any eq www

The only port your webserver can send through the ASA is 80. If the DNS server is on a different segment than the web server the it won't be able to resolve any names.

Try this:
access-list ntldmz extended permit tcp host 192.168.88.90 any

Back to Networks Forum
1 total post (Page 1 of 1)  

Related Discussions

Related Forums