I'm configuring a 515E for the first time and it has five interfaces configured. It's running in routed mode in a single context. I'm used to transparent mode and multiple contexts, so I'm unsure about the orientation of the ACLs.
I'm trying to allow traffic in from the outside to webservers in the DMZ. I've set up static NAT for each server with a public address on the outside and a private address on the inside.
ASDM says the ACL entries are incomplete. Have I got something wrong?
name 10.0.x.x DOTNET01i1
name 195.58.x.x DOTNET01i1-OUT
!
static (DMZ,outside) DOTNET01i1-OUT DOTNET01i1 netmask 255.255.255.255
!
object-group network ALL-DMZ-www
 description All DMZ web servers
 network-object DOTNET01i1 255.255.255.255
!
object-group network Public_Web_Servers
 description All web servers with public routable addresses
 network-object DOTNET01i1-OUT 255.255.255.255
!
object-group service http_and_https tcp
 description TCP Ports 80 and 443
 port-object eq www
 port-object eq https
!
access-list inbound extended permit tcp any object-group Public_Web_Servers object-group http_and_https
!
access-list DMZ-inbound extended permit tcp any object-group ALL-DMZ-www object-group http_and_https
!
access-group inbound in interface outside
access-group DMZ-inbound in interface DMZ
Any pointers appreciated!