DMZ not Allowing Port80 or Port21

Unanswered Question
Nov 24th, 2009

Hi,


I set up a DMZ on an ASA 5505 and left the security level at 50. When I tried to test connectivity to the Internet, it wouldn't allow traffic to the Internet. Can someone please tell me how to fix this issue? Does security level 50 disable port 80?


Thanks in advance,

SK

grant.maynard Tue, 11/24/2009 - 09:46

The only significance of the security level is whether it is higher, lower or the same as other interfaces it wishes to talk to. For a DMZ, 50 is fine.


You should look at:

NAT - "show run nat", "show run global" - assuming it's a private IP range on the DMZ.

Access-lists - "show run access-group", "show run access-list"

and default route out the outside interface - "show route".

JORGE RODRIGUEZ Tue, 11/24/2009 - 13:49

SK, in addition to the previous poster: specifically, you need to allow outbound traffic for the DMZ; also ensure the DMZ hosts have proper DNS.


i.e.


access-list dmz_access_in extended permit ip any any
access-group dmz_access_in in interface dmz


or if just port 80 and ftp only then:


access-list dmz_access_in permit tcp any any eq 80
access-list dmz_access_in permit tcp any any eq 21



Check NAT for the DMZ network via the outbound outside global interface:


global (outside) 1 interface

nat (dmz) 1



Regards
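
An added example, not part of the thread: a small Python check that runs the three checks listed in the replies (NAT/global pairing, the ACL bound to the DMZ, the default route) over saved "show run" text. The sample config, its addresses and the function name are constructed; it assumes the pre-8.3 nat/global syntax used above, "any any" ACL entries and a static default route.

```python
import re

# Constructed sample in pre-8.3 "nat/global" syntax, as used in the thread.
SAMPLE = """\
nat (dmz) 1 172.16.50.0 255.255.255.0
access-list dmz_access_in extended permit ip any any
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
"""

def audit_dmz_outbound(config, iface="dmz", outside="outside"):
    """Return findings that would block or over-permit outbound traffic."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []

    # NAT: every dynamic "nat (dmz) <id>" needs a "global (outside) <id>".
    nat_ids = {m.group(1) for l in lines
               if (m := re.match(rf"nat \({iface}\) (\d+) \S+", l))}
    nat_ids.discard("0")  # id 0 is NAT exemption/identity, no global needed
    global_ids = {m.group(1) for l in lines
                  if (m := re.match(rf"global \({outside}\) (\d+) \S+", l))}
    if not nat_ids:
        findings.append(f"no dynamic nat rule on {iface}")
    for nid in sorted(nat_ids - global_ids):
        findings.append(f"nat id {nid} on {iface} has no global on {outside}")

    # ACL: once bound, it replaces the implicit security-level permit.
    acl = next((m.group(1) for l in lines if (m := re.match(
        rf"access-group (\S+) in interface {iface}$", l))), None)
    if acl:
        aces = [l for l in lines if l.startswith(f"access-list {acl} ")]
        if any(a.endswith("permit ip any any") for a in aces):
            findings.append(f"{acl} permits ip any any, which also matches "
                            "traffic to higher-security interfaces")
        # "show run" prints port 80 as www and port 21 as ftp.
        for port, name in (("80", "www"), ("21", "ftp")):
            pat = rf"permit (ip|tcp) any any( eq ({port}|{name}))?$"
            if not any(re.search(pat, a) for a in aces):
                findings.append(f"{acl} has no permit for tcp/{port}")

    # Routing: a static default route out of the outside interface.
    if not any(re.match(rf"route {outside} 0\.0\.0\.0 0\.0\.0\.0 \S+", l)
               for l in lines):
        findings.append(f"no static default route via {outside}")
    return findings

if __name__ == "__main__":
    for finding in audit_dmz_outbound(SAMPLE):
        print("FINDING:", finding)
```

On the constructed sample this reports the missing global for NAT id 1 and the broad permit; a DMZ ACL limited to tcp/80 and tcp/21 also needs its own permit for DNS if the hosts resolve through an outside server.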
