08-18-2008 05:39 PM - edited 03-11-2019 06:32 AM
Is it just a couple commands to put a server in a DMZ zone? HELP!
Here is what I need....
I have a server which needs to be accessed from the outside from any IP address.... and on the inside from the 172.16.4.0 network only.. Can it be done?
I have an ASA 5520...
08-18-2008 06:49 PM
Let's say the DMZ network is 192.168.1.0/24
and the server IP is 192.168.1.2/24.
Do the following:
static (DMZ, outside) 192.168.1.2 192.168.1.2 netmask 255.255.255.255
If you have a public IP address on the Internet and you want users from the Internet to access that server on the DMZ through that public IP, do the following.
Let's say the public IP is 1.1.1.1:
static (DMZ, outside) 1.1.1.1 192.168.1.2 netmask 255.255.255.255
Now you need an ACL applied on the outside interface to allow traffic going to the DMZ server, assuming that the DMZ security level is higher than the outside.
without public IP address
access-list 100 permit ip any host 192.168.1.2
with public IP
access-list 100 permit ip any host 1.1.1.1
Now apply it on the outside interface:
access-group 100 in interface outside
Now let's go to the traffic from inside to the DMZ server:
static (DMZ, inside) 192.168.1.2 192.168.1.2 netmask 255.255.255.255
Now the traffic from inside to the 192.168.1.2 server will work OK, but if you want the server to start the communication with the inside network you need an ACL to be applied on the DMZ interface, assuming that the inside subnet mask is 255.255.255.0, as follows:
access-list 110 permit ip host 192.168.1.2 172.16.4.0 255.255.255.0
access-group 110 in interface DMZ
And everything will work.
If you need any more details just post here.
Good luck.
Please rate if helpful.
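An added example, not part of the original replies: a small Python check that reads ASA configuration lines like the ones posted above and reports `permit ip any` entries in ACLs bound inbound to an interface, since such an entry opens every protocol and port on the destination rather than only the published service. The function name and sample configuration are constructed for illustration, and the parser only handles the `access-list ... permit ...` and `access-group ... in interface ...` forms shown in this thread.

```python
import re

# Constructed sample: the ACL and access-group lines from the reply above,
# plus one narrower entry (TCP/3389, the RDP port) added for contrast.
SAMPLE_CONFIG = """\
access-list 100 permit ip any host 1.1.1.1
access-list 100 permit tcp any host 1.1.1.1 eq 3389
access-group 100 in interface outside
access-list 110 permit ip host 192.168.1.2 172.16.4.0 255.255.255.0
access-group 110 in interface DMZ
"""

ACL_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?:extended\s+)?permit\s+"
    r"(?P<proto>\S+)\s+(?P<rest>.+)$"
)
GROUP_RE = re.compile(
    r"^access-group\s+(?P<name>\S+)\s+in\s+interface\s+(?P<ifc>\S+)$"
)


def find_broad_permits(config_text):
    """Return (interface, acl, line) for every 'permit ip any ...' entry
    in an ACL that is applied inbound on an interface."""
    entries = {}   # acl name -> list of (proto, rest tokens, original line)
    bindings = {}  # acl name -> interface it is applied to
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            entries.setdefault(m["name"], []).append(
                (m["proto"].lower(), m["rest"].split(), line))
            continue
        m = GROUP_RE.match(line)
        if m:
            bindings[m["name"]] = m["ifc"]

    findings = []
    for acl, ifc in bindings.items():
        for proto, rest, line in entries.get(acl, []):
            # 'ip' matches every protocol; source 'any' matches every sender.
            if proto == "ip" and rest and rest[0] == "any":
                findings.append((ifc, acl, line))
    return findings


if __name__ == "__main__":
    for ifc, acl, line in find_broad_permits(SAMPLE_CONFIG):
        print(f"{ifc}: ACL {acl} allows all IP from any source -> {line}")
```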
08-18-2008 06:55 PM
AWESOME! I will try when I get to work tomorrow... here is one thing....
The Cisco WebVPN points to the server that has RDP enabled. Basically, once they log into the WebVPN, they go to the remote desktop to one of our servers then log in...
Would this make any difference?
08-18-2008 06:57 PM
So would I need to use the public IP or the internal IP scheme, since basically I am using the Cisco WebVPN to connect to the server?
08-18-2008 08:21 PM
Hi,
The above config will work, but without WebVPN.
With WebVPN:
I will send you this link; check it first, and if it didn't help send me your scenario and also let me know if you use AnyConnect, thin client SSL, or normal WebVPN.
This link is very nice:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808c0603.shtml
Good luck.
Please rate if helpful.
08-19-2008 04:48 AM
Everything has been working for a while with this technology. I am on Version 8.0 of the ASA OS. Do I still need the RDP plug-in? That was the reason we upgraded to 8.0 from 7.2.
08-19-2008 06:15 AM