allow external users to access Web Portal server on DMZ zone

Mar 25th, 2007
Our company has a Web Portal server in the DMZ zone and the Oracle server is in the inside zone. We need to configure it in such a manner that external users can access the web-based application through the DMZ zone. For that, we configured the ASA, did static translation, and opened the necessary ports for communication between the Oracle server and the Web Portal server. And it's working fine from the DMZ zone.


And from outside to the DMZ zone, we opened the http and https ports for the web portal server, and I can access the web portal server externally, but data is not visible if you click on a URL of the portal server. This means it's not connecting to the Oracle server through the web portal server from the external interface.


Please suggest a standard configuration to solve this issue, or give your suggestions for solving this problem.


hoogen_82 Sun, 03/25/2007 - 02:41

Could you post your configuration? Are you doing port forwarding from outside to DMZ?


-Hoogen

manojdubey02 Sun, 03/25/2007 - 03:22

The configuration details are as follows:

object-group network DMZ1_WEB
 description DMZ Web Server
 network-object host 10.183.94.5
object-group network Inside_Oracle
 network-object host 10.183.90.16
 network-object host 10.183.90.11
object-group service DMZtoInside tcp-udp
 port-object eq 8000
 port-object eq 389
 port-object eq www

access-list acl-dmz1 extended permit tcp object-group DMZ1_WEB object-group Inside_Oracle object-group DMZtoInside

nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (dmz1) 1 interface

static (dmz1,outside) 84.255.146.118 10.183.94.5 netmask 255.255.255.255
static (inside,dmz1) 10.183.90.16 10.183.90.16 netmask 255.255.255.255
static (inside,dmz1) 10.183.90.11 10.183.90.11 netmask 255.255.255.255

access-group acl-out in interface outside
access-group acl-in in interface inside
access-group acl-dmz1 in interface dmz1

access-list acl-out extended permit tcp any host 84.255.146.118 eq http
access-list acl-out extended permit tcp any host 84.255.146.118 eq https

astroman Sun, 03/25/2007 - 19:49

You have an access-group 'acl-in' applied to your inside interface, but you haven't posted the ACL config belonging to this access-group. This could be the reason that the traffic is not flowing correctly.


Also, are you positive that the ports in object-group 'DMZtoInside' are the correct ports that your web server is using to communicate with the back-end Oracle server?

manojdubey02 Sun, 03/25/2007 - 22:36

As per my earlier mail, I can access all the web-based applications in the DMZ zone and it's working fine in the DMZ zone. This means the Web Portal is communicating with the back-end Oracle server. And I can access the web portal from outside, but once I click on a link on the page, data is not retrieved from the back-end Oracle server.

hoogen_82 Mon, 03/26/2007 - 09:26

Sorry for the delay in replying; I had to go out of town to visit one of my clients. Anyway, have you got some logs enabled? From your ASDM you could look into the real-time live log and find out what error is popping up when you try to access the web server from outside.


-Hoogen

manojdubey02 Sun, 03/25/2007 - 08:28

Hi Hoogen,


I am waiting for your reply to solve the above issue.
