ASA configuration

soumik1979 · ‎03-22-2010

Dear All

I want to create a DMZ in in my ASA 5510 to keep my web servers and FTP servers there.We have a leased line internet that connects to 1841 and then ASA 5510.Can any one help me regarding that .

andrew.prince · ‎03-25-2010

What you are trying to do can be pretty simple or very difficult.

Explain more on what you want to do.

soumik1979 · ‎03-25-2010

We have some web server and database server .Now some files need to be copied from local web server to external web serer.Sql server connections need to be done from local users to external server.We have some FTP servers also.I want that the users in the LAN will copy data locally to FTP server.As our organization policy most of the users dont have internet connections.Sometimes the developers need to upload data in our web servers .Our DBA need to take bake of the external database server log files.So all that I want to creating a separate zone and placing all the external web, database and ftp servers in that zone

Jennifer Halim · ‎03-25-2010

Assuming the ASA outside interface is connected to the Internet, here is what you can configure for DMZ access:

static (dmz,outside) public-ip-web private-ip-web netmask 255.255.255.255

On the access-list of the outside interface, assuming you already have 1 created with name "outside_access_in" and you would like access on port 80:

access-list outside_access_in permit tcp any host eq 80

If otherwise you haven't had any access-list on the outside interface, creates the access-list and apply it to the outside interface with the following:

access-group outside_access_in in interface outside

Hope that helps.