ASA 5540 internal website access problem

Unanswered Question
Jul 2nd, 2009

I have a Cisco ASA 5540 firewall with a DMZ segment, an Inside segment and an outside (Internet) segment.

The web server with website domain www.mysite.com is in the DMZ segment, NATted with a public IP on the Internet segment.

I have allowed full Internet access to a monitoring workstation in the Inside segment as well as one in the DMZ segment, and I can access all the websites properly with domain/IP.

My problem is, I can't access www.mysite.com, hosted on the web server in the DMZ segment, from both the workstations in the DMZ as well as the Inside segments of the firewall, whereas the same www.mysite.com is accessible from the outside Internet.

Kindly help me to resolve this problem.

punyarthisa Fri, 07/03/2009 - 02:07

Dear Andrew,

Thanks for your support, but the problem is still not resolved, because the inside system is actually unable to access the website hosted on the DMZ segment using the public IP path.

Please let me know the config required to give inside users access to the internal website using the web server's NATted public IP.

alexojeda Thu, 07/16/2009 - 19:03

You can't access a public IP NATted to a DMZ server from the inside or another interface.

To resolve this problem, you need to point internal users or the monitor server to the DMZ IP address of the server, create a static to translate inside to DMZ, and apply an ACL to allow HTTP access.

If you need to access a website hosted by "hostname" and not by "IP address", you need to create an "internal" DNS server.

This provides resolution for domains served by the DMZ servers, pointing A zones to the DMZ IPs.

DNS Server example:

*info: inside users: 172.16.1.0/24

*info: dmz servers: 10.0.0.0/24

*info: dmz www server: 10.0.0.5

http://www.exampledomain.com -> 10.0.0.5

This DNS server needs to be DIFFERENT from the one used for Internet DNS resolution.

Another solution, if you can't mount an internal DNS server, is to add a line to the Windows users' machines.

File:

c:\Windows\System32\drivers\etc\hosts

Add the following as the last line:

10.0.0.5 www.exampledomain.com

With this you provide name resolution only to specific machines.
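
A hosts-file override like the one in the reply above is easy to get wrong or leave stale, so here is an added example (not part of the original thread) that audits hosts-file content for the site name. The name, DMZ address and DMZ network come from the reply's example; the sample file content, the function names and the first-match-wins rule are assumptions of this example.

```python
import ipaddress

# Values from the reply's example; SAMPLE_HOSTS is constructed for illustration.
DMZ_NET = ipaddress.ip_network("10.0.0.0/24")
SITE = "www.exampledomain.com"
EXPECTED_IP = ipaddress.ip_address("10.0.0.5")

SAMPLE_HOSTS = """\
# constructed sample of c:\\Windows\\System32\\drivers\\etc\\hosts
127.0.0.1       localhost
203.0.113.10    www.exampledomain.com   # stale entry pointing at a public IP
10.0.0.5        WWW.ExampleDomain.com exampledomain.com
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) per valid entry; comments and bad lines are skipped."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def audit(text, name=SITE, expected=EXPECTED_IP, dmz=DMZ_NET):
    """Return (effective_ip, findings). Assumption: the first matching entry wins."""
    matches = [(n, ip) for n, ip, names in parse_hosts(text) if name.lower() in names]
    if not matches:
        return None, [f"no entry for {name}; resolution falls through to DNS"]
    first_line, effective = matches[0]
    findings = []
    if effective != expected:
        findings.append(f"line {first_line}: {name} -> {effective}, expected {expected}")
    if effective not in dmz:
        findings.append(f"line {first_line}: {effective} is outside DMZ network {dmz}")
    for line_no, ip in matches[1:]:
        if ip != effective:
            findings.append(f"line {line_no}: shadowed conflicting entry {ip}")
    return effective, findings

if __name__ == "__main__":
    ip, problems = audit(SAMPLE_HOSTS)
    print("effective:", ip)
    for p in problems:
        print("finding:", p)
```
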
