Need Help getting Outside network to talk to DMZ

I'm in the testing phase of setting up an ASA 5520 and I'm having some issues getting the Outside network to talk to the DMZ. I set up a test using a web server on 172.20.175.110 (SCADADEV01) and I thought I had it NATed correctly and had the right ACL, but I cannot seem to get to it from the test computer 10.80.1.16. Can you give me a little help? Attached is the config file.




Your NAT is incorrect, and your outside acl is incorrect.


I would configure something like - for testing:-


static (DMZ,outside) tcp interface www 172.20.175.110 www netmask 255.255.255.255


Then write the acl


access-list outside_access_in permit tcp any interface outside eq 80


HTH>

OK - firstly,


You are typing the wrong IP address. You are natting on the firewall - so you will not be able to connect to the DMZ IP address, as this is not known on the outside.


Test again using the IP address "10.80.1.15"


Secondly - enable logging, then check the logs. You can also check to see if your access is being hit - show access-list. Then you should check connectivity locally from a device in the DMZ.


HTH>
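
The checks described in the two replies above, written out as an ASA CLI sequence. This is an added example, not part of the original posts; it assumes ASA software 7.2(1) or later (for packet-tracer) with the pre-8.3 static syntax used in this thread, and the source port 1025 is a constructed sample value.

```cisco
! Added example (not from the original posts). Lines starting with "!" are annotations.

! 1. Confirm the ACL is bound inbound on the outside interface.
!    An ACL that exists but is not applied never shows hit counts.
show running-config access-group

! 2. Confirm the static PAT from the reply is present and has built a translation.
show running-config static
show xlate

! 3. Enable buffered logging so permits, denies and translation events are recorded.
configure terminal
 logging enable
 logging buffered informational
 end

! 4. Simulate the test flow through the firewall without sending traffic.
!    Destination is the NATed address 10.80.1.15, not the DMZ address 172.20.175.110.
!    The output names the phase (ACCESS-LIST, UN-NAT, ROUTE-LOOKUP) that drops the packet.
packet-tracer input outside tcp 10.80.1.16 1025 10.80.1.15 80 detailed

! 5. Browse to http://10.80.1.15 from the test computer, then check hit counts and logs.
show access-list outside_access_in
show logging | include 10.80.1.16

! 6. Optional, narrower variant of the test rule (assumption: only the test PC needs access).
!    It permits the single test host instead of "any" while the DMZ server is under test.
! access-list outside_access_in extended permit tcp host 10.80.1.16 interface outside eq www
```

If packet-tracer shows the flow allowed but the browser still fails, the remaining place to look is the DMZ side, which is the local connectivity check from a device in the DMZ mentioned in the second reply.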
