ASA 5510 DMZ setup

May 11th, 2008

I tried to make the ASA 5510 work as mentioned in the Getting Started Guide that came with the ASA appliance. It is a basic DMZ scenario where I have a web server running on 10.30.30.30 and the outside interface on the ASA is 209.165.200.225. I followed all the steps mentioned in the guide. For step 1, I configured IP pools for Network Translation. For step 2, I configured Address Translations on Private Networks. For step 3, I defined the external identity of the web server, which is 209.165.200.225. And for step 4, I provided HTTP access to the web server.

The problem is that when I connect a PC on an outside network, I was not able to access the web server. I could ping the web server (10.30.30.30) from the ASA but not from a PC that is connected to the outside interface. Is it a routing problem? Do I need to do something else?

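The four steps in the question can be checked mechanically against a saved running-config. The script below is an added example, not part of the original thread or of Cisco's guide: it assumes pre-8.3 ASA syntax (`static`, `access-list`, `access-group`), and the sample config, its masks, the DMZ gateway address and the function name `audit_dmz_publish` are constructed for illustration.

```python
import re

# Constructed sample (pre-8.3 syntax); only 10.30.30.30 and 209.165.200.225
# come from the thread, masks and the DMZ gateway address are made up.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 209.165.200.225 255.255.255.224
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 10.30.30.1 255.255.255.0
static (dmz,outside) tcp interface www 10.30.30.30 www netmask 255.255.255.255
access-list outside_in extended permit tcp any interface outside eq www
"""

STATIC_RE = re.compile(r"static \(\w+,outside\) (?:tcp )?(\S+) (?:\S+ )?(\d+\.\d+\.\d+\.\d+)\b")
ACL_RE = re.compile(r"access-list (\S+) extended permit tcp any "
                    r"(any|interface outside|host \S+) eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside")

def audit_dmz_publish(config, real_ip, port="www"):
    """List what is missing for outside hosts to reach real_ip on port."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Step 3: a static translation gives the server its outside identity.
    mapped = None
    for ln in lines:
        m = STATIC_RE.match(ln)
        if m and m.group(2) == real_ip:
            mapped = m.group(1)  # public IP, or the keyword "interface"
    if mapped is None:
        return [f"no static translation to outside for {real_ip}"]
    # Step 4: pre-8.3 ACLs must permit the mapped address, not the real one.
    wanted = {"any", "interface outside" if mapped == "interface" else f"host {mapped}"}
    acls = {m.group(1) for ln in lines
            if (m := ACL_RE.match(ln)) and m.group(2) in wanted and m.group(3) == port}
    if not acls:
        return [f"no ACL permits tcp/{port} to the mapped address ({mapped})"]
    # The ACL does nothing until it is bound inbound on the outside interface.
    bound = {m.group(1) for ln in lines if (m := GROUP_RE.match(ln))}
    if not acls & bound:
        return [f"ACL {sorted(acls)[0]} is not applied: missing access-group ... in interface outside"]
    return []

if __name__ == "__main__":
    print(audit_dmz_publish(SAMPLE_CONFIG, "10.30.30.30"))
```
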
dshrestha Sun, 05/11/2008 - 21:24

Before I set up the DMZ, I should be able to communicate from the inside interface to the outside interface and vice versa. My outside interface is on the 209.165.200.0 network and the inside interface is on the 10.10.10.0 network.

Also, from the documentation, I should see two VLANs, one for inside and one for outside. But when I did

ciscoasa# sh vlan

I don't see any VLAN.

Thanks.

srue Wed, 05/14/2008 - 10:28

Don't assign VLANs unless they are plugged into dot1q ports. If you don't know what this means, you probably shouldn't do anything.

dshrestha Wed, 05/14/2008 - 20:03

Thanks, but what are the commands that will assign a VLAN to ASA ports and show VLAN information? This is for future reference.

o.ilesanmi Thu, 05/15/2008 - 07:26

Before implementing VLANs, you need to understand the licenses required for this.

interface gig x
 vlan x
 nameif outside
 security-level 0
 ip address xx.xx.xx.xx
 no shut

interface gig y
 vlan y
 nameif inside
 security-level 100
 ip add yy.yy.yy.yy
 no shut
