Cisco Support Community

New Member

DMZ not Allowing Port80 or Port21

Hi,

I set up a DMZ on an ASA 5505 and left the security level at 50. When I tried to test connectivity to the Internet, it wouldn't allow traffic to the Internet. Can someone please tell me how to fix this issue? Does security level 50 disable port 80?

Thanks in advance,

SK

2 REPLIES

Re: DMZ not Allowing Port80 or Port21

The only significance of the security level is whether it is higher, lower or the same as other interfaces it wishes to talk to. For a DMZ, 50 is fine.

You should look at:

NAT - "show run nat", "show run global" - assuming it's a private IP range on the DMZ.

Access-lists - "show run access-group", "show run access-list"

and default route out the outside interface - "show route".

Re: DMZ not Allowing Port80 or Port21

SK, in addition to the previous poster, specifically you need to allow outbound traffic for the DMZ; also ensure the DMZ hosts have proper DNS.

i.e.

access-list dmz_access_in extended permit ip any any
access-group dmz_access_in in interface dmz

Or, if just port 80 and FTP only, then:

access-list dmz_access_in permit tcp any any eq 80
access-list dmz_access_in permit tcp any any eq 21

Check NAT for the DMZ network via the outbound outside global interface:

global (outside) 1 interface

nat (dmz ) 1   

Regards
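
The checks the two replies list (nat/global pairing, the ACL bound to the DMZ interface, and the default route) can be run offline against a saved running-config. This is an added example, not part of the thread: it assumes pre-8.3 ASA syntax and the interface names dmz and outside, the sample config is constructed, and audit_dmz is a hypothetical helper name.

```python
import re

# Constructed sample in pre-8.3 ASA syntax (nat/global); addresses are illustrative.
SAMPLE_CONFIG = """\
nat (dmz) 1 192.168.50.0 255.255.255.0
global (outside) 1 interface
access-list dmz_access_in extended permit ip any any
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
"""

def audit_dmz(config, dmz="dmz", outside="outside"):
    """Return findings that would block (or over-permit) DMZ-to-outside traffic."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    d, o = re.escape(dmz), re.escape(outside)
    findings = []

    # NAT: each nat id on the DMZ needs a global with the same id on the outside.
    nat_ids = {m.group(1) for l in lines if (m := re.match(rf"nat \({d}\) (\d+) \S+", l))}
    glob_ids = {m.group(1) for l in lines if (m := re.match(rf"global \({o}\) (\d+) \S+", l))}
    if not nat_ids:
        findings.append(f"no nat rule with a source network on {dmz}")
    for nid in sorted(nat_ids - glob_ids - {"0"}):  # id 0 is NAT exemption, no global
        findings.append(f"nat id {nid} on {dmz} has no matching global on {outside}")

    # ACL: an access-group bound inbound on the DMZ replaces the implicit
    # higher-to-lower permit, so it must contain the permits that are needed.
    bound = [m.group(1) for l in lines
             if (m := re.match(rf"access-group (\S+) in interface {d}$", l))]
    for acl in bound:
        aces = [l for l in lines if l.startswith(f"access-list {acl} ")]
        if not any(" permit " in a for a in aces):
            findings.append(f"ACL {acl} on {dmz} has no permit entries")
        if any(a.endswith(" permit ip any any") for a in aces):
            findings.append(f"ACL {acl} permits ip any any, broader than ports 80/21 need")

    # Routing: outbound traffic needs a default route on the outside interface.
    if not any(re.match(rf"route {o} 0\.0\.0\.0 0\.0\.0\.0 \S+", l) for l in lines):
        findings.append(f"no default route via {outside}")
    return findings

if __name__ == "__main__":
    for finding in audit_dmz(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
```

An empty list means all three checks pass; the sample config passes NAT and routing but is flagged for the any-any ACL.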
