03-25-2007 02:14 AM - edited 03-11-2019 02:51 AM
Our company has a Web Portal Server in the DMZ zone, and the Oracle Server is in the inside zone. We need to configure it in such a manner that external users can access the web-based application through the DMZ zone. For that, we configured the ASA, did static translation, and opened the necessary ports to communicate between the Oracle server and the Web Portal server. And it's working fine from the DMZ zone.
And from outside to the DMZ zone, we opened the http and https ports for the web portal server, and I can access the web portal server externally, but data is not visible if you click on a URL of the portal server. It means it's not connecting to the Oracle server through the web portal server from the external interface.
Please suggest some standard configuration to solve this issue, or your suggestions to solve this problem.
03-25-2007 02:41 AM
Could you post your configuration? Are you doing port forwarding from outside to DMZ?
-Hoogen
03-25-2007 03:22 AM
Following are the configuration details -
object-group network DMZ1_WEB
description DMZ Web Server
network-object host 10.183.94.5
object-group network Inside_Oracle
network-object host 10.183.90.16
network-object host 10.183.90.11
object-group service DMZtoInside tcp-udp
port-object eq 8000
port-object eq 389
port-object eq www
access-list acl-dmz1 extended permit tcp object-group DMZ1_WEB object-group Inside_Oracle object-group DMZtoInside
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (dmz1) 1 interface
static (dmz1,outside) 84.255.146.118 10.183.94.5 netmask 255.255.255.255
static (inside,dmz1) 10.183.90.16 10.183.90.16 netmask 255.255.255.255
static (inside,dmz1) 10.183.90.11 10.183.90.11 netmask 255.255.255.255
access-group acl-out in interface outside
access-group acl-in in interface inside
access-group acl-dmz1 in interface dmz1
access-list acl-out extended permit tcp any host 84.255.146.118 eq http
access-list acl-out extended permit tcp any host 84.255.146.118 eq https
03-25-2007 07:49 PM
You have an access-group 'acl-in' applied to your inside interface, but you haven't posted the ACL config belonging to this access-group. This could be the reason that the traffic is not flowing correctly.
Also, are you positive that the ports in object-group 'DMZtoInside' are the correct ports that your web server is using to communicate with the back-end Oracle server?
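An added example, not part of any post in this thread: a small Python check over the object-group, access-list and access-group lines from the posted configuration. It reports interfaces whose access-group names an ACL with no entries in the paste, and expands the acl-dmz1 entry into the individual flows it permits. The function names are illustrative, and the parser handles only the command forms that appear in this thread.

```python
# Relevant lines copied from the configuration posted in the thread.
POSTED_CONFIG = """\
object-group network DMZ1_WEB
network-object host 10.183.94.5
object-group network Inside_Oracle
network-object host 10.183.90.16
network-object host 10.183.90.11
object-group service DMZtoInside tcp-udp
port-object eq 8000
port-object eq 389
port-object eq www
access-list acl-dmz1 extended permit tcp object-group DMZ1_WEB object-group Inside_Oracle object-group DMZtoInside
access-group acl-out in interface outside
access-group acl-in in interface inside
access-group acl-dmz1 in interface dmz1
access-list acl-out extended permit tcp any host 84.255.146.118 eq http
access-list acl-out extended permit tcp any host 84.255.146.118 eq https
"""

def parse(config):
    """Return (object-groups, ACL entries by name, interface -> ACL name)."""
    groups, acls, bindings, current = {}, {}, {}, None
    for line in config.splitlines():
        tok = line.split() or [""]
        if tok[0] == "object-group":
            current = groups.setdefault(tok[2], [])
        elif tok[0] in ("network-object", "port-object") and current is not None:
            current.append(tok[-1])  # host address, or port number/keyword
        elif tok[0] == "access-list":
            acls.setdefault(tok[1], []).append(tok[2:])
        elif tok[0] == "access-group":
            bindings[tok[-1]] = tok[1]
    return groups, acls, bindings

def undefined_acls(config):
    """Interfaces whose access-group names an ACL with no entries in the paste."""
    _, acls, bindings = parse(config)
    return {iface: name for iface, name in bindings.items() if name not in acls}

def expand_flows(config, acl_name):
    """Expand entries written as three object-groups into (src, dst, port) flows."""
    groups, acls, _ = parse(config)
    flows = []
    for ace in acls.get(acl_name, []):
        names = [ace[i + 1] for i, t in enumerate(ace[:-1]) if t == "object-group"]
        if len(names) == 3:
            src, dst, ports = (groups[n] for n in names)
            flows += [(s, d, p) for s in src for d in dst for p in ports]
    return flows
```

Calling `undefined_acls(POSTED_CONFIG)` flags the inside interface bound to acl-in, and `expand_flows(POSTED_CONFIG, "acl-dmz1")` lists the six host and port combinations to compare against what the portal actually uses to reach Oracle.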
03-25-2007 10:36 PM
As per my earlier mail, I can access all the web-based applications in the DMZ zone and it's working fine in the DMZ zone. It means the Web Portal is communicating with the back-end Oracle server. And I can access the web portal from outside, but once I click on a link on the page, data is not retrieved from the back-end Oracle server.
03-26-2007 09:26 AM
Sorry for the delay in replying; I had to go out of town to visit one of my clients. Anyway, have you got some logs enabled? From your ASDM you could look into the real-time live log and find out what error is popping up when you try to access the web server from outside.
-Hoogen
03-25-2007 08:28 AM
Hi Hoogen,
I am waiting for your reply to solve the above issue.