allow external users to access Web Portal server on DMZ zone

Unanswered Question
Mar 25th, 2007

Our company has a Web Portal Server in the DMZ zone, and the Oracle Server is in the inside zone. We need to configure it in such a manner that external users can access the web-based application through the DMZ zone. For that, we configured the ASA, did static translation, and opened the necessary ports for communication between the Oracle server and the Web Portal server. It's working fine from the DMZ zone.

From outside to the DMZ zone, we opened the http and https ports for the web portal server, and I can access the web portal server externally, but data is not visible if you click on a URL of the portal server. This means it's not connecting to the Oracle server through the web portal server from the external interface.

Please suggest a standard configuration to solve this issue, or give your suggestions for solving this problem.

hoogen_82 Sun, 03/25/2007 - 02:41

Could you post your configuration? Are you doing port forwarding from outside to DMZ?

-Hoogen

manojdubey02 Sun, 03/25/2007 - 03:22

The configuration details are as follows:

    object-group network DMZ1_WEB
     description DMZ Web Server
     network-object host 10.183.94.5
    object-group network Inside_Oracle
     network-object host 10.183.90.16
     network-object host 10.183.90.11
    object-group service DMZtoInside tcp-udp
     port-object eq 8000
     port-object eq 389
     port-object eq www
    access-list acl-dmz1 extended permit tcp object-group DMZ1_WEB object-group Inside_Oracle object-group DMZtoInside
    nat (inside) 1 0.0.0.0 0.0.0.0
    global (outside) 1 interface
    global (dmz1) 1 interface
    static (dmz1,outside) 84.255.146.118 10.183.94.5 netmask 255.255.255.255
    static (inside,dmz1) 10.183.90.16 10.183.90.16 netmask 255.255.255.255
    static (inside,dmz1) 10.183.90.11 10.183.90.11 netmask 255.255.255.255
    access-group acl-out in interface outside
    access-group acl-in in interface inside
    access-group acl-dmz1 in interface dmz1
    access-list acl-out extended permit tcp any host 84.255.146.118 eq http
    access-list acl-out extended permit tcp any host 84.255.146.118 eq https

astroman Sun, 03/25/2007 - 19:49

You have an access-group 'acl-in' applied to your inside interface, but you haven't posted the ACL config belonging to this access-group. This could be the reason that the traffic is not flowing correctly.

Also, are you positive that the ports in object-group 'DMZtoInside' are the correct ports that your web server is using to communicate with the back-end Oracle server?
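
The check described in the reply above, as an added example that is not part of the original thread: a short Python script that scans a pasted ASA configuration excerpt for access-group bindings whose access-list has no lines in the excerpt, and for object-groups that are referenced but not defined. The function name `audit_references` and the embedded sample (a subset of the lines posted in this thread) are assumptions made for illustration.

```python
import re

# Constructed sample: a subset of the configuration lines posted in this thread.
POSTED_CONFIG = """\
object-group network DMZ1_WEB
 network-object host 10.183.94.5
object-group network Inside_Oracle
 network-object host 10.183.90.16
 network-object host 10.183.90.11
object-group service DMZtoInside tcp-udp
 port-object eq 8000
 port-object eq 389
 port-object eq www
access-list acl-dmz1 extended permit tcp object-group DMZ1_WEB object-group Inside_Oracle object-group DMZtoInside
access-group acl-out in interface outside
access-group acl-in in interface inside
access-group acl-dmz1 in interface dmz1
access-list acl-out extended permit tcp any host 84.255.146.118 eq http
access-list acl-out extended permit tcp any host 84.255.146.118 eq https
"""

def audit_references(config):
    """Return (interface -> ACL bound but absent, object-groups used but undefined)."""
    acl_names, group_defs, group_refs, bindings = set(), set(), set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\S+) ", line):
            acl_names.add(m.group(1))
            # Object-groups used inside the ACL entry (hypothetical helper logic).
            group_refs.update(re.findall(r"object-group (\S+)", line))
        elif m := re.match(r"object-group \S+ (\S+)", line):
            group_defs.add(m.group(1))  # "object-group <type> <name>"
        elif m := re.match(r"access-group (\S+) (?:in|out) interface (\S+)", line):
            bindings[m.group(2)] = m.group(1)
    unbound = {iface: acl for iface, acl in bindings.items() if acl not in acl_names}
    return unbound, sorted(group_refs - group_defs)

if __name__ == "__main__":
    unbound, undefined = audit_references(POSTED_CONFIG)
    for iface, acl in unbound.items():
        print(f"interface {iface}: access-group {acl} has no access-list lines in this excerpt")
    for name in undefined:
        print(f"object-group {name} is referenced but not defined in this excerpt")
```

An interface flagged by this check is not necessarily misconfigured; the access-list may simply be missing from the pasted excerpt, which is the situation raised in the reply.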

manojdubey02 Sun, 03/25/2007 - 22:36

As per my earlier mail, I can access all the web-based applications in the DMZ zone and it's working fine in the DMZ zone. This means the Web Portal is communicating with the back-end Oracle server. And I can access the web portal from outside, but once I click on a link on the page, data is not retrieved from the back-end Oracle server.

hoogen_82 Mon, 03/26/2007 - 09:26

Sorry for the delay in replying; I had to go out of town to visit one of my clients. Anyway, okay, have you got some logs enabled? From your ASDM you could look into the real-time live log and find out what error is popping up when you try to access the web server from outside.

-Hoogen
