How do I put a server in a DMZ zone?

Aug 18th, 2008

Is it just a couple commands to put a server in a DMZ zone? HELP!

Here is what I need....

I have a server which needs to be accessed from the outside from any IP address.... and on the inside from addresses on the network only.. Can it be done?

I have an ASA 5520...

Marwan ALshawi Mon, 08/18/2008 - 18:49

Let's say the DMZ network is

and the server IP is

Do the following:

static (DMZ, outside) netmask

If you have a public IP address on the Internet and you want users from the Internet to access that server on the DMZ through that public IP, do the following:

Let's say the public IP is

static (DMZ, outside) netmask

Now you need an ACL to apply on the outside interface to allow traffic going to the DMZ server, assuming that the DMZ security level is higher than the outside.

without public IP address

access-list 100 permit ip any host

with public IP

access-list 100 permit ip any host

Now apply it on the outside interface:

access-group 100 in interface outside

Now let's go to the traffic from inside to the DMZ server:

static (DMZ, inside) netmask

Now the traffic from inside to the server will work OK, but if you want the server to start the communication with the inside network you need an ACL to be applied on the DMZ interface, assuming that the inside subnet mask is as follows:

access-list 110 permit ip host

access-group 110 in interface DMZ

And everything will work.

If you need any more details, just post here.

Good luck.

Please rate if helpful.
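An added example (not part of the thread or any poster's configuration): a small Python check that reads ASA-style `access-list` and `access-group` lines and reports entries of the `permit ip any host ...` form when their ACL is applied inbound on the outside interface, since such an entry admits every IP protocol and port to the published server rather than only the service that is needed. The sample configuration and its addresses are constructed placeholders, and the function name `find_broad_inbound_rules` is hypothetical.

```python
import re

# Constructed sample in ASA 8.0-style syntax; addresses are RFC 5737 / RFC 1918
# placeholders, not values from the thread.
SAMPLE_CONFIG = """\
static (DMZ,outside) 203.0.113.10 192.168.2.10 netmask 255.255.255.255
access-list 100 extended permit ip any host 203.0.113.10
access-list 101 extended permit tcp any host 203.0.113.10 eq 443
access-list 110 extended permit ip host 192.168.2.10 10.0.0.0 255.255.255.0
access-group 100 in interface outside
access-group 110 in interface DMZ
"""

# "extended" is optional so that short forms such as
# "access-list 100 permit ip any host ..." are parsed too.
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(?:extended\s+)?permit\s+(\S+)\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")


def find_broad_inbound_rules(config, interface="outside"):
    """Return (acl_name, rule_text) for each permit entry that allows all IP
    protocols from any source in an ACL applied inbound on `interface`."""
    entries = []   # (acl name, protocol, rest of rule, original line)
    bound = set()  # ACL names applied inbound on the chosen interface
    for raw in config.splitlines():
        line = raw.strip()
        acl = ACL_RE.match(line)
        if acl:
            entries.append((acl.group(1), acl.group(2), acl.group(3), line))
            continue
        group = GROUP_RE.match(line)
        if group and group.group(2).lower() == interface.lower():
            bound.add(group.group(1))
    findings = []
    for name, proto, rest, line in entries:
        # Protocol "ip" covers every protocol and port; "any" is the source.
        if name in bound and proto == "ip" and rest.split()[0] == "any":
            findings.append((name, line))
    return findings


if __name__ == "__main__":
    for name, rule in find_broad_inbound_rules(SAMPLE_CONFIG):
        print(f"ACL {name} on outside permits every protocol from any source: {rule}")
```

ACL 101 in the sample shows the narrower form (one protocol, one port); it is not reported because it is not bound to an interface.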

accesshollywood2 Mon, 08/18/2008 - 18:55

AWESOME! I will try when I get to work tomorrow... here is one thing....

The Cisco WebVPN points to the server that has RDP enabled. Basically, once they log into the WebVPN, they go to the remote desktop to one of our servers, then log in...

Would this make any difference?

accesshollywood2 Mon, 08/18/2008 - 18:57

So would I need to use the public IP or the internal IP scheme? Since basically I am using the Cisco WebVPN to connect to the server?

accesshollywood2 Tue, 08/19/2008 - 04:48

Everything has been working for a while with this technology. I am on Version 8.0 of the ASA OS. Do I still need the RDP plug-in? That was the reason we upgraded to 8.0 from 7.2.

accesshollywood2 Tue, 08/19/2008 - 06:15

Look at the config file that I attached...

The server IP address that I need to put in the DMZ zone is

I wouldn't think it would matter if I was accessing from WebVPN, because once I log in to WebVPN it takes us to the RDC page.

