03-22-2010 06:30 AM - edited 03-11-2019 10:24 AM
Dear All
I want to create a DMZ in in my ASA 5510 to keep my web servers and FTP servers there.We have a leased line internet that connects to 1841 and then ASA 5510.Can any one help me regarding that .
03-25-2010 06:39 AM
What you are trying to do can be pretty simple or very difficult.
Explain more on what you want to do.
03-25-2010 09:46 PM
We have some web server and database server .Now some files need to be copied from local web server to external web serer.Sql server connections need to be done from local users to external server.We have some FTP servers also.I want that the users in the LAN will copy data locally to FTP server.As our organization policy most of the users dont have internet connections.Sometimes the developers need to upload data in our web servers .Our DBA need to take bake of the external database server log files.So all that I want to creating a separate zone and placing all the external web, database and ftp servers in that zone
03-25-2010 03:03 PM
Assuming the ASA outside interface is connected to the Internet, here is what you can configure for DMZ access:
static (dmz,outside) public-ip-web private-ip-web netmask 255.255.255.255
On the access-list of the outside interface, assuming you already have 1 created with name "outside_access_in" and you would like access on port 80:
access-list outside_access_in permit tcp any host
If otherwise you haven't had any access-list on the outside interface, creates the access-list and apply it to the outside interface with the following:
access-group outside_access_in in interface outside
Hope that helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide