We have an ASA that we use as a VPN and firewall. There is no router between the ASA and internal networks. The internet goes through the ASA. We have a web server with the internal IP address 192.168.100.5. What do we need to set up on the ASA so that the outside world can access our web server 192.168.100.5? At the same time, we also want to protect the web server from hackers. Attached is the config.
Please let me know if you need additional information. Thanks.
Seems like what you are trying to do is as follows:
User browses to web server --> web server retrieves data from SQL server --> web server displays result for user
If the above is what you are trying to achieve, then you only need to allow TCP/80 connections to the web server.
While the web server retrieves data from the SQL server, they would communicate internally, so the SQL server will post the data retrieval to the web server, and the web server will display the result for the user. There is no need for direct access from the user towards the SQL server.
You need to configure the access-list to allow the inbound HTTP connection to the web server's public IP address.
Currently ACL 101 is applied to the outside interface, so here is what you need to add:
access-list 101 permit tcp any host 220.127.116.11 eq 80
Hope that helps
This is the public IP of your web server: 18.104.22.168
This is what you're missing:
access-list 101 permit tcp any host 22.214.171.124 eq www
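
An added example, not part of the original thread: a Python check that reads access-list lines of the form used in the replies above and lists every permit entry that reaches the web server's public address on anything other than TCP/80. The sample configuration and the address 203.0.113.10 are constructed; source-port operators and object-groups are assumed absent, and lines the parser cannot read are reported rather than skipped.

```python
import ipaddress

WEB_PORTS = {"80", "www"}  # the ASA accepts "www" as a name for TCP port 80

# Constructed sample; 203.0.113.10 stands in for the web server's public IP.
SAMPLE_CONFIG = """\
access-list 101 remark constructed sample
access-list 101 permit tcp any host 203.0.113.10 eq www
access-list 101 permit tcp any host 203.0.113.10 eq 3389
access-list 101 permit ip any 203.0.113.0 255.255.255.0
access-list 101 permit tcp any host 203.0.113.20 eq 25
access-list 102 permit ip any any
access-group 101 in interface outside
"""

def _take_addr(tok, i):
    """Parse 'any' | 'host A' | 'A MASK' at tok[i]; return (network, next index)."""
    if tok[i] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tok[i] == "host":
        return ipaddress.ip_network(tok[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tok[i]}/{tok[i + 1]}", strict=False), i + 2

def audit_acl(config, acl, server_ip):
    """Return permit lines in `acl` that reach server_ip on anything but TCP/80."""
    server = ipaddress.ip_address(server_ip)
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[:2] != ["access-list", acl]:
            continue
        i = 3 if tok[2] == "extended" else 2
        if tok[i] != "permit":
            continue
        try:
            _, j = _take_addr(tok, i + 2)      # source, not evaluated here
            dst, j = _take_addr(tok, j)        # destination network
            ports = tok[j:]
            web_only = (tok[i + 1] == "tcp" and ports[:1] == ["eq"]
                        and ports[1] in WEB_PORTS)
        except (ValueError, IndexError):
            findings.append("UNPARSED: " + line.strip())  # review by hand
            continue
        if server in dst and not web_only:
            findings.append(line.strip())
    return findings

if __name__ == "__main__":
    print("\n".join(audit_acl(SAMPLE_CONFIG, "101", "203.0.113.10")))
```

An empty result means the only inbound permits that reach the server in that ACL are for TCP/80; rule ordering and deny entries are not evaluated.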