allow external users to access Web Portal server on DMZ zone

Mar 25th, 2007

Our company has a Web Portal server in the DMZ zone, and the Oracle server is in the inside zone. We need to configure it in such a manner that external users can access the web-based application through the DMZ zone. For that, we configured the ASA, did static translation, and opened the necessary ports to communicate between the Oracle server and the Web Portal server. And it's working fine from the DMZ zone.

And from outside to the DMZ zone, we opened the http and https ports for the web portal server, and I can access the web portal server externally, but data is not visible if you click on a URL of the portal server. This means it's not connecting to the Oracle server through the web portal server from the external interface.

Please suggest some standard configuration to solve this issue, or your suggestions to solve this problem.

hoogen_82 Sun, 03/25/2007 - 02:41

Could you post your configuration? Are you doing port forwarding from outside to DMZ?


manojdubey02 Sun, 03/25/2007 - 03:22

The configuration details are as follows:

object-group network DMZ1_WEB

description DMZ Web Server

network-object host

object-group network Inside_Oracle

network-object host

network-object host

object-group service DMZtoInside tcp-udp

port-object eq 8000

port-object eq 389

port-object eq www

access-list acl-dmz1 extended permit tcp object-group DMZ1_WEB object-group Inside_Oracle object-group DMZtoInside

nat (inside) 1

global (outside) 1 interface

global (dmz1) 1 interface

static (dmz1,outside) netmask

static (inside,dmz1) netmask

static (inside,dmz1) netmask

access-group acl-out in interface outside

access-group acl-in in interface inside

access-group acl-dmz1 in interface dmz1

access-list acl-out extended permit tcp any host eq http

access-list acl-out extended permit tcp any host eq https

astroman Sun, 03/25/2007 - 19:49

You have an access-group 'acl-in' applied to your inside interface, but you haven't posted the ACL config belonging to this access-group. This could be the reason that the traffic is not flowing correctly.

Also, are you positive that the ports in object-group 'DMZtoInside' are the correct ports that your web server is using to communicate with the back-end Oracle server?
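
The first point in the reply above, as an added example that is not part of the original thread: a small Python check that reads an ASA configuration as text and reports any `access-group` bound to an ACL name with no `access-list` entries, plus any undefined `object-group` references. The sample configuration is constructed from the lines posted earlier, with documentation-range placeholder addresses standing in for the ones missing from the post; the function name `audit_references` is hypothetical.

```python
import re

# Constructed sample modelled on the configuration posted in this thread.
# Addresses are RFC 5737 documentation placeholders, not values from the thread.
SAMPLE_CONFIG = """\
object-group network DMZ1_WEB
 network-object host 192.0.2.10
object-group network Inside_Oracle
 network-object host 198.51.100.20
object-group service DMZtoInside tcp-udp
 port-object eq 8000
 port-object eq 389
 port-object eq www
access-list acl-dmz1 extended permit tcp object-group DMZ1_WEB object-group Inside_Oracle object-group DMZtoInside
access-list acl-out extended permit tcp any host 203.0.113.10 eq http
access-list acl-out extended permit tcp any host 203.0.113.10 eq https
access-group acl-out in interface outside
access-group acl-in in interface inside
access-group acl-dmz1 in interface dmz1
"""

def audit_references(config_text):
    """Report access-groups and object-group references with no definition."""
    acls, groups, bindings, group_refs = set(), set(), [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
            # Collect every "object-group NAME" used inside this ACL entry.
            group_refs += [(m.group(1), g) for g in re.findall(r"object-group (\S+)", line)]
        elif m := re.match(r"object-group \S+ (\S+)", line):
            groups.add(m.group(1))
        elif m := re.match(r"access-group (\S+) (in|out) interface (\S+)", line):
            bindings.append((m.group(1), m.group(2), m.group(3)))
    return {
        # ACL names applied to an interface but never defined in this text.
        "undefined_acls": [(acl, d, ifc) for acl, d, ifc in bindings if acl not in acls],
        # object-groups used by an ACL entry but never declared.
        "undefined_groups": sorted({g for _, g in group_refs if g not in groups}),
        # ACLs that are defined but not applied to any interface.
        "unbound_acls": sorted(acls - {acl for acl, _, _ in bindings}),
    }

if __name__ == "__main__":
    for key, value in audit_references(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
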

manojdubey02 Sun, 03/25/2007 - 22:36

As per my earlier mail, I can access all the web-based applications in the DMZ zone and it's working fine in the DMZ zone. This means the Web Portal is communicating with the back-end Oracle server. And I can access the web portal from outside, but once I click on a link on the page, data is not retrieved from the back-end Oracle server.

hoogen_82 Mon, 03/26/2007 - 09:26

Sorry for the delay in replying; I had to go out of town to visit one of my clients. Anyway, okay, have you got some logs enabled? From your ASDM you could look into the real-time live log and find out what error is popping up when you try to access the web server from outside.


manojdubey02 Sun, 03/25/2007 - 08:28

Hi Hoogen,

I am waiting for your reply to solve the above issue.

