
web access config

bbrown23
Level 1

Hello all,

I have a webserver on a DMZ that is accessible from anyone on the internet. I want customers to be able to sign in through HTTPS and see account information that is stored on another server on another, more secure DMZ.

I have already successfully configured access for customers from the internet to the webserver, and I created an access list allowing the web server to access the server with cust. acct. info through HTTP. Problem is, when I test this, the page with the customer info is not displayed. I can ping in both directions between the two servers, so I know the connectivity is there. I'm not sure if the traffic between the two servers should be HTTPS or if this design is even the most practical idea.

The IT manager is suggesting that I move the server with the customer account info to the DMZ with the webserver, but I have serious security concerns about this.

Any suggestions?

3 Replies

router_duchess
Level 1

Definitely do not put that customer data server in that DMZ. Have you set up an ACL that allows the HTTP server to communicate to the more secure DMZ via TCP port 80 (or whatever port the secure server is using for data transfer)? You will also need a netstat command to allow the two subnets to communicate?

craig.king
Level 1

Leaving the server with the customer info on a more secure DMZ is the better way to go.

Try enabling logging on the PIX to see what traffic is being dropped.

Thanks all for your suggestions; unfortunately, it still doesn't work. I monitored the logs and even went as far as opening full IP access between the two servers to test what would be the result. They can still ping each other but the page does not display, so I'm starting to suspect it's something with the configuration on the servers.

While on the subject, what would be your suggestions for a similar situation where customers need to securely access their information?

Thanks again
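
The symptom in this thread (ping works in both directions, but the page never displays) can be narrowed down by testing the TCP port itself, since ICMP says nothing about whether port 80 is permitted or served. The following is an added example, not code from any poster in the thread: `probe_http` and its stage names are hypothetical, and the demo targets a constructed local server rather than the real back end.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe_http(host, port=80, path="/", timeout=3.0):
    """Return (stage, detail) for a plain-HTTP request to host:port. Stages:
      timeout     - SYN unanswered: usually a firewall/ACL drop or missing route
      refused     - RST came back: host reached, nothing listening on the port
      no_response - TCP connected, but the service sent nothing
      http        - an HTTP status line came back (in detail)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", "no answer to connection attempt")
    except ConnectionRefusedError:
        return ("refused", "connection reset by host")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            data = sock.recv(1024)
        except OSError:  # includes a read timeout
            data = b""
    if not data:
        return ("no_response", "connected, but no data returned")
    return ("http", data.split(b"\r\n", 1)[0].decode("ascii", "replace"))

class DemoHandler(BaseHTTPRequestHandler):  # constructed stand-in for the back end
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")
    def log_message(self, *args): pass  # keep the demo quiet

def start_demo_server():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def closed_local_port():  # a loopback port with no listener
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    print(probe_http("127.0.0.1", start_demo_server().server_address[1]))
    print(probe_http("127.0.0.1", closed_local_port()))
```

Run from the web server against the back-end address, a `timeout` result points at the firewall path, while `refused`, `no_response` or an HTTP error status points at the server's own configuration.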