Cisco Support Community

New Member

allow external users to access Web Portal server on DMZ zone

Our company has a Web Portal server in the DMZ zone, and the Oracle server is in the inside zone. We need to configure things so that external users can access the web-based application through the DMZ zone. For that, we configured the ASA: we did static translation and opened the necessary ports for communication between the Oracle server and the Web Portal server. It's working fine from the DMZ zone.

From outside to the DMZ zone, we opened the http and https ports for the web portal server, and I can access the web portal server externally, but data is not visible if you click on a URL of the portal server. This means it's not connecting to the Oracle server through the web portal server from the external interface.

Please suggest some standard configuration to solve this issue, or give us your suggestions for solving this problem.

6 REPLIES
Silver

Re: allow external users to access Web Portal server on DMZ zone

Could you post your configuration? Are you doing port forwarding from outside to DMZ?

-Hoogen

New Member

Re: allow external users to access Web Portal server on DMZ zone

Here are the configuration details:

```
object-group network DMZ1_WEB
 description DMZ Web Server
 network-object host 10.183.94.5
object-group network Inside_Oracle
 network-object host 10.183.90.16
 network-object host 10.183.90.11
object-group service DMZtoInside tcp-udp
 port-object eq 8000
 port-object eq 389
 port-object eq www

access-list acl-dmz1 extended permit tcp object-group DMZ1_WEB object-group Inside_Oracle object-group DMZtoInside

nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
global (dmz1) 1 interface

static (dmz1,outside) 84.255.146.118 10.183.94.5 netmask 255.255.255.255
static (inside,dmz1) 10.183.90.16 10.183.90.16 netmask 255.255.255.255
static (inside,dmz1) 10.183.90.11 10.183.90.11 netmask 255.255.255.255

access-group acl-out in interface outside
access-group acl-in in interface inside
access-group acl-dmz1 in interface dmz1

access-list acl-out extended permit tcp any host 84.255.146.118 eq http
access-list acl-out extended permit tcp any host 84.255.146.118 eq https
```

New Member

Re: allow external users to access Web Portal server on DMZ zone

You have an access-group 'acl-in' applied to your inside interface, but you haven't posted the ACL config belonging to this access-group. This could be the reason that the traffic is not flowing correctly.

Also, are you positive that the ports in object-group 'DMZtoInside' are the correct ports that your web server is using to communicate with the back-end Oracle server?
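The port question above can be checked offline against the posted ACLs. The following is an added example, not part of the thread and not Cisco tooling: it expands the object-groups and tests whether a given TCP flow matches a permit entry. The function names, the client address 198.51.100.7 and the probe port 1521 (Oracle's default listener port, used only as a probe value since the thread does not say which port the portal uses) are assumptions.

```python
# Added example: ACL-relevant lines copied from the configuration posted above.
CONFIG = """\
object-group network DMZ1_WEB
 network-object host 10.183.94.5
object-group network Inside_Oracle
 network-object host 10.183.90.16
 network-object host 10.183.90.11
object-group service DMZtoInside tcp-udp
 port-object eq 8000
 port-object eq 389
 port-object eq www
access-list acl-dmz1 extended permit tcp object-group DMZ1_WEB object-group Inside_Oracle object-group DMZtoInside
access-list acl-out extended permit tcp any host 84.255.146.118 eq http
access-list acl-out extended permit tcp any host 84.255.146.118 eq https
"""
NAMED_PORTS = {"www": 80, "http": 80, "https": 443}  # port keywords used above

def port(p):
    return NAMED_PORTS.get(p) or int(p)

def parse(config):
    """Parse the subset of ASA syntax used above into object-groups and ACLs."""
    groups, acls, current = {}, {}, None
    for tok in filter(None, map(str.split, config.splitlines())):
        if tok[0] == "object-group":
            current = groups.setdefault(tok[2], set())
        elif tok[0] in ("network-object", "port-object"):
            current.add(tok[2] if tok[1] == "host" else port(tok[2]))
        elif tok[0] == "access-list" and tok[2:5] == ["extended", "permit", "tcp"]:
            acls.setdefault(tok[1], []).append(tok[5:])
    return groups, acls

def take(tok, groups):
    """Consume one address or port spec; return the allowed set (None means any)."""
    kind = tok.pop(0)
    if kind == "any":
        return None
    value = tok.pop(0)  # group name, host address, or port after 'eq'
    if kind == "object-group":
        return groups[value]
    return {port(value)} if kind == "eq" else {value}

def permitted(acl, src, dst, dport, config=CONFIG):
    """True if a TCP flow matches a permit entry; otherwise the implicit deny applies."""
    groups, acls = parse(config)
    for tok in map(list, acls.get(acl, [])):  # copy: take() consumes tokens
        spec = [take(tok, groups), take(tok, groups), take(tok, groups) if tok else None]
        if all(s is None or v in s for s, v in zip(spec, (src, dst, dport))):
            return True
    return False
```

For instance, `permitted("acl-dmz1", "10.183.94.5", "10.183.90.16", 8000)` is true, while the same flow on port 1521 falls through to the implicit deny.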

New Member

Re: allow external users to access Web Portal server on DMZ zone

As per my earlier mail, I can access all the web-based applications in the DMZ zone and it's working fine in the DMZ zone. This means the Web Portal is communicating with the back-end Oracle server. And I can access the web portal from outside, but once I click on a link on the page, data is not retrieved from the back-end Oracle server.

Silver

Re: allow external users to access Web Portal server on DMZ zone

Sorry for the delay in replying; I had to go out of town to visit one of my clients. Anyway, have you got some logs enabled? From your ASDM you could look into the real-time live log and find out what error is popping up when you try to access the web server from outside.

-Hoogen

New Member

Re: allow external users to access Web Portal server on DMZ zone

Hi Hoogen,

I am waiting for your reply to solve the above issue.
