07-26-2009 03:44 AM - edited 03-11-2019 08:59 AM
Hi All,
Kindly guide me. My scenario is this: there is one outside web server which has IP 192.168.11.28. From the inside network I am able to access the web server without any problem, but from the DMZ I am not able to access that web server; I can only ping it from the DMZ. Kindly look at my configuration and tell me if anything is wrong in my configuration. Thanks.
**************
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.10.10.2 255.255.255.252
!
interface GigabitEthernet0/1
nameif Inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif DMZ
security-level 50
ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet0/3
description LAN Failover Interface
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.210 eq ftp
access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.201 eq www
access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.204 eq www
access-list outside_access_in extended permit ip 192.168.255.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list outside_access_in extended permit icmp 10.10.10.0 255.255.255.252 192.168.0.0 255.255.255.0
access-list outside_access_in extended permit tcp host 192.168.22.38 host 192.168.0.201 eq 8080
access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.201 eq 7777
access-list outside_access_in extended deny tcp host 192.168.22.38 host 192.168.0.201 eq 7777
access-list outside_access_in extended permit tcp host 192.168.22.100 host 192.168.0.201 eq 8080
access-list outside_access_in extended permit icmp 192.168.22.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list outside_access_in extended permit tcp host 192.168.22.100 host 192.168.0.204 eq 8080
access-list outside_access_in extended permit tcp host 192.168.22.100 host 192.168.0.204 eq 7777
access-list outside_access_in extended permit ip 192.168.255.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list outside_access_in extended permit icmp 10.10.10.0 255.255.255.252 192.168.100.0 255.255.255.0
access-list outside_access_in extended permit icmp 192.168.22.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.100.215 eq www
access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.100.215 eq 7777
access-list nonat extended permit ip 192.168.0.0 255.255.255.0 any
access-list nonatDMZ extended permit ip 192.168.100.0 255.255.255.0 any
access-list traffic_for_ips extended permit ip any any
access-list inside_access_all extended permit ip any any
access-list DMZ_access_all extended permit icmp any any
access-list DMZ_access_all extended permit ip 192.168.100.0 255.255.255.0 192.168.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu management 1500
ip verify reverse-path interface outside
ip verify reverse-path interface Inside
failover
failover lan unit primary
failover lan interface failovetr-int GigabitEthernet0/3
failover replication http
failover interface ip failovetr-int 10.250.250.1 255.255.255.252 standby 10.250.250.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-61551.bin
asdm history enable
arp timeout 14400
nat (Inside) 0 access-list nonat
nat (DMZ) 0 access-list nonatDMZ
static (Inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
access-group outside_access_in in interface outside
access-group inside_access_all in interface Inside
access-group DMZ_access_all in interface DMZ
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
07-26-2009 05:02 AM
Add:
access-list DMZ_access_all extended permit ip 192.168.100.0 255.255.255.0 192.168.11.0 255.255.255.0
regards,
Roman
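
Added example, not part of the original posts: a small first-match evaluator run over the DMZ_access_all lines from the question, showing why ping from the DMZ to 192.168.11.28 works while HTTP falls through to the implicit deny, and how the line from the reply changes the result. It models only the ACL (not NAT or routing); the DMZ client 192.168.100.10 is a constructed address and the function names are hypothetical.

```python
import ipaddress

# DMZ_access_all as posted in the question (applied inbound on the DMZ interface).
POSTED = """\
access-list DMZ_access_all extended permit icmp any any
access-list DMZ_access_all extended permit ip 192.168.100.0 255.255.255.0 192.168.0.0 255.255.255.0
"""
# The line suggested in the reply.
SUGGESTED = ("access-list DMZ_access_all extended permit ip "
             "192.168.100.0 255.255.255.0 192.168.11.0 255.255.255.0\n")

DMZ_CLIENT = "192.168.100.10"   # constructed sample host in the DMZ subnet
WEB_SERVER = "192.168.11.28"    # outside web server from the question

def _addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'NET MASK'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_acl(text):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST' lines (ports ignored)."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] != "extended":
            continue
        src, rest = _addr(t[5:])
        dst, _ = _addr(rest)
        rules.append((t[3], t[4], src, dst))
    return rules

def evaluate(rules, proto, src, dst):
    """First matching rule wins; every ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_proto, rule_src, rule_dst in rules:
        if rule_proto in ("ip", proto) and s in rule_src and d in rule_dst:
            return action
    return "deny"

if __name__ == "__main__":
    for label, acl in (("posted", POSTED), ("with reply's line", POSTED + SUGGESTED)):
        rules = parse_acl(acl)
        for proto in ("icmp", "tcp"):
            print(f"{label:18} {proto:4} ->", evaluate(rules, proto, DMZ_CLIENT, WEB_SERVER))
```

Once an ACL is bound to an interface with access-group, its implicit deny replaces the default "higher security level may reach lower" behaviour, so every destination the DMZ needs must be permitted explicitly.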