ASA configuration

Unanswered Question
Mar 22nd, 2010
User Badges:

Dear All

I want to create a DMZ in in my ASA 5510 to keep my web servers and FTP servers there.We have a leased line internet that connects to 1841 and then ASA 5510.Can any one help me regarding that .

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
soumik1979 Thu, 03/25/2010 - 21:46
User Badges:

We have some web server and database server .Now some files need to be copied from local web server  to external web serer.Sql server connections need to be done from local users to external server.We have some FTP servers also.I want that the users in the LAN will copy data locally to FTP server.As our organization policy most of the users dont have internet connections.Sometimes the developers need to upload data in our web servers .Our DBA need to take bake of the external database server log files.So all that I want to creating a separate zone and placing all the external web, database and ftp servers in that zone

Jennifer Halim Thu, 03/25/2010 - 15:03
User Badges:
  • Cisco Employee,

Assuming the ASA outside interface is connected to the Internet, here is what you can configure for DMZ access:

static (dmz,outside) public-ip-web private-ip-web netmask

On the access-list of the outside interface, assuming you already have 1 created with name "outside_access_in" and you would like access on port 80:

access-list outside_access_in permit tcp any host eq 80

If otherwise you haven't had any access-list on the outside interface, creates the access-list and apply it to the outside interface with the following:

access-group outside_access_in in interface outside

Hope that helps.


This Discussion