Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

web access config

Unanswered Question
Mar 19th, 2004
User Badges:

Hello all,

i have a webserver on a dmz that is accessible from anyone on the internet. I want customers to be able to sign in through https and see account information that is stored on another server on another more secure dmz.

i have already successflly configured access for customers from the internet to the webserver and i created an access list allowing the web server to access the server with cust. acct. info through http. Problem is when i test this, the page with the customer info is not displayed. i can ping in both directions between the two servers so i know the connectivity is there. i'm not sure if the traffic between the two servers should be https or if this design is even the most practical idea

The IT manager is suggesting that i move the server with the customer account info to the dmz with the webserver but i have serious security concerns about this.

any suggestions?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
router_duchess Fri, 03/19/2004 - 08:53
User Badges:

Definitely do not put that customer data server in that DMZ. Have you set up an ACL that allows the http server to communicate to the more secure dmz via tcp port 80 (or whatever port the secure server is using for data transfer)? You will also need a netstat command to allow the two subnets to communicate?

bbrown23 Fri, 03/19/2004 - 11:23
User Badges:

Thanks all for your suggestions, unfortunately it still doesn't work. I monitored the logs and even want as far as opening full ip access between the two servers to test what would be the result. They can still ping each other but the page does not display so i'm starting to suspect its something with the configuation on the servers.

while on the subject, what would be your suggestions for a similar situation where customers need to securely access their information?

thanks again


This Discussion