Server communication issue between Inside and DMZ Zone

Unanswered Question
Mar 30th, 2008

Hi, I have an ASA 5505 firewall and it is configured fine: all internal machines can access DMZ machines, and DMZ machines can access the inside machines (I made an access rule for this). Now my application server is in the DMZ zone and the DB server is in the internal zone, but there is some issue in communication between the application server and the DB server. Both the app server and the DB server are able to ping each other and access file and print sharing as well, but there is some blocking due to which the application is not responding. When I move the DB server from the inside zone to the DMZ zone the application works, but when I switch the DB server back to the internal zone the application doesn't work. Communication between the servers is proper, but I am not able to recognize what the issue (blocking) is. Can anyone help me? Thanks

emad.silicon Sun, 03/30/2008 - 09:16

Hi Dear :

First of all you have to turn on logging on your ASA to see if there is any deny. Then, I think your problem is application inspection; this means you have to add some inspection command to the ASA global_policy to inspect your application. And just to remind you, it is a big mistake to apply an access-list to the DMZ interface that permits ip any any; this will open a big security back door for hackers, friend. Never open ip any any from DMZ to inside. Anyway, send me the name of the application that you installed on your server and I'll try to write the commands for you, friend.

Emaf Farag.

ray_stone Sun, 03/30/2008 - 09:22

I want to be able to access the inside machines from the DMZ, and for this I made this rule. I want to use the 80, 3389 and 1433 services from the DMZ to the inside host, but if I make an access list for these ports, could it be an issue between the IIS server (DMZ zone) and the DB server (in the inside zone)? That's why I opened all ports between DMZ and inside. Please advise.
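
The broad rule and the three services discussed in the two posts above, laid out as an ASA configuration sketch. This is an added example, not part of the thread; the addresses are constructed and the ACL name `DMZ_IN` is hypothetical, while the interface name `DMZ` is the one used on this page.

```cisco
! Constructed addresses (assumptions, replace with your own):
!   192.0.2.10     application / IIS server in the DMZ
!   198.51.100.20  DB server as it is addressed from the DMZ
!   198.51.100.0/24 inside network as it is addressed from the DMZ

! Broad form described in the thread: any DMZ host may reach any inside
! host on any protocol. Shown commented out for comparison only.
! access-list DMZ_IN extended permit ip any any

! Restricted form: one source host, one destination host, only the
! services named in the thread (SQL Server 1433, HTTP 80, RDP 3389).
access-list DMZ_IN extended permit tcp host 192.0.2.10 host 198.51.100.20 eq 1433
access-list DMZ_IN extended permit tcp host 192.0.2.10 host 198.51.100.20 eq www
access-list DMZ_IN extended permit tcp host 192.0.2.10 host 198.51.100.20 eq 3389

! Everything else from the DMZ toward the inside network is denied and
! logged, so a port the application needs but the ACL lacks shows up in
! the log instead of failing silently.
access-list DMZ_IN extended deny ip any 198.51.100.0 255.255.255.0 log

! Once an ACL is bound to the interface, its implicit deny applies to
! all other DMZ traffic too; add explicit permits here for any DMZ
! traffic to other interfaces that must keep working.
access-group DMZ_IN in interface DMZ

! Logging to the local buffer, to look for denies while testing the
! application.
logging enable
logging buffered informational
! Then, from exec mode:  show logging
```

Testing the application with the restricted list in place and reading the buffered log shows whether the three ports are sufficient before any wider rule is considered.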

acomiskey Mon, 03/31/2008 - 07:25

static (inside,DMZ) netmask