Accessing outside server from DMZ Network

aamirkiani
Level 1

Hi All,

Kindly guide me. My scenario is this: there is one outside web server which has IP 192.168.11.28. From the inside network I am able to access the web server without any problem, but from the DMZ I am not able to access that web server; I can only ping it from the DMZ. Kindly look at my configuration and guide me on anything wrong in my configuration. Thanks.

**************

interface GigabitEthernet0/0

nameif outside

security-level 0

ip address 10.10.10.2 255.255.255.252

!

interface GigabitEthernet0/1

nameif Inside

security-level 100

ip address 192.168.0.1 255.255.255.0

!

interface GigabitEthernet0/2

nameif DMZ

security-level 50

ip address 192.168.100.1 255.255.255.0

!

interface GigabitEthernet0/3

description LAN Failover Interface

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.210 eq ftp

access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.201 eq www

access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.204 eq www

access-list outside_access_in extended permit ip 192.168.255.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list outside_access_in extended permit icmp 10.10.10.0 255.255.255.252 192.168.0.0 255.255.255.0

access-list outside_access_in extended permit tcp host 192.168.22.38 host 192.168.0.201 eq 8080

access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.0.201 eq 7777

access-list outside_access_in extended deny tcp host 192.168.22.38 host 192.168.0.201 eq 7777

access-list outside_access_in extended permit tcp host 192.168.22.100 host 192.168.0.201 eq 8080

access-list outside_access_in extended permit icmp 192.168.22.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list outside_access_in extended permit tcp host 192.168.22.100 host 192.168.0.204 eq 8080

access-list outside_access_in extended permit tcp host 192.168.22.100 host 192.168.0.204 eq 7777

access-list outside_access_in extended permit ip 192.168.255.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list outside_access_in extended permit icmp 10.10.10.0 255.255.255.252 192.168.100.0 255.255.255.0

access-list outside_access_in extended permit icmp 192.168.22.0 255.255.255.0 192.168.100.0 255.255.255.0

access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.100.215 eq www

access-list outside_access_in extended permit tcp 192.168.22.0 255.255.255.0 host 192.168.100.215 eq 7777

access-list nonat extended permit ip 192.168.0.0 255.255.255.0 any

access-list nonatDMZ extended permit ip 192.168.100.0 255.255.255.0 any

access-list traffic_for_ips extended permit ip any any

access-list inside_access_all extended permit ip any any

access-list DMZ_access_all extended permit icmp any any

access-list DMZ_access_all extended permit ip 192.168.100.0 255.255.255.0 192.168.0.0 255.255.255.0

pager lines 24

logging asdm informational

mtu outside 1500

mtu Inside 1500

mtu DMZ 1500

mtu management 1500

ip verify reverse-path interface outside

ip verify reverse-path interface Inside

failover

failover lan unit primary

failover lan interface failovetr-int GigabitEthernet0/3

failover replication http

failover interface ip failovetr-int 10.250.250.1 255.255.255.252 standby 10.250.250.2

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-61551.bin

asdm history enable

arp timeout 14400

nat (Inside) 0 access-list nonat

nat (DMZ) 0 access-list nonatDMZ

static (Inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

access-group outside_access_in in interface outside

access-group inside_access_all in interface Inside

access-group DMZ_access_all in interface DMZ

route outside 0.0.0.0 0.0.0.0 10.10.10.1 1

1 Reply

Roman Rodichev
Level 7

add

access-list DMZ_access_all extended permit ip 192.168.100.0 255.255.255.0 192.168.11.0 255.255.255.0

regards,

Roman
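Why ping from the DMZ succeeded while web access failed, and what the entry in the reply changes, shown as an added example that is not part of the thread: a simplified first-match evaluator run over the posted `DMZ_access_all` lines. The DMZ host 192.168.100.10 is a constructed sample address, and NAT, routing and stateful inspection are not modelled.

```python
import ipaddress

# ACL lines copied from the thread; the evaluator is a simplified first-match model.
POSTED = """\
access-list DMZ_access_all extended permit icmp any any
access-list DMZ_access_all extended permit ip 192.168.100.0 255.255.255.0 192.168.0.0 255.255.255.0
"""
REPLY = "access-list DMZ_access_all extended permit ip 192.168.100.0 255.255.255.0 192.168.11.0 255.255.255.0\n"
PORTS = {"www": 80, "ftp": 21}  # named ports that appear in the posted configuration

def _addr(tok):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    t = tok.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{t}/{tok.pop(0)}")

def parse(text):
    """Turn 'access-list NAME extended ...' lines into (action, proto, src, dst, port)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "extended":
            continue
        tok = tok[3:]
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = None
        if tok and tok[0] == "eq":
            port = PORTS.get(tok[1]) or int(tok[1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, rp, rs, rd, port) in enumerate(rules, 1):
        if rp in ("ip", proto) and s in rs and d in rd and port in (None, dport):
            return action, n
    return "deny", None  # implicit deny at the end of every ACL

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("with reply", POSTED + REPLY)):
        r = parse(acl)
        print(name, evaluate(r, "icmp", "192.168.100.10", "192.168.11.28"),
              evaluate(r, "tcp", "192.168.100.10", "192.168.11.28", 80))
```

The same function can check a narrower entry, such as `permit tcp 192.168.100.0 255.255.255.0 host 192.168.11.28 eq www`, before it is applied; that form opens only the web port to the one server.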