NAT outside to inside and inside to outside (in 8.4(2) version)

Navaz Wattoo
Level 1

Thanks a lot, and I attached a diagram here.

Requirement:

Need to pass traffic through from outside to inside and from inside to outside.

I also attached a diagram with the IPs.

And also tell me one thing: is NATting only for private to public or public to private?

Navaz
17 Replies

Vibhor Amrodia
Cisco Employee

Hi,

I think I replied on your post earlier as well.

As per your query, you can NAT any kind of IP (public or private) into any kind (public or private).

For bidirectional traffic, you always need static NAT.

When you want unidirectional traffic, you can use dynamic NAT/PAT.

For the inside to outside traffic, you can use this NAT:-

object network LAN
 subnet 0.0.0.0 0.0.0.0
 nat (inside,outside) dynamic interface

For outside to inside traffic, you would only want access for certain servers, like internally hosted web servers.

For this, you can use either static PAT or static NAT:-

object network host
 host 10.10.10.10
 nat (inside,outside) static interface service tcp 3389 3389

access-list outside_inside permit tcp any host 10.10.10.10 eq 3389

This will enable you to take RDP access to your PC from the Internet.

Is this what you want ?

Thanks and Regards,

Vibhor Amrodia

Thanks Vibhor

Attached updated diagram.

1. In this diagram the DMZ server with IP 10.1.1.103/24 is the proxy server for Internet access for the LAN users, and I need only HTTPS or HTTP traffic allowed from the DMZ server.

2. For Outlook for the LAN users, I need to allow only Microsoft Outlook traffic from inside to outside.

And ASA version 8.2(5).

These two are the requirements.

Thanks

Navaz

Hi,

As per your requirements:-

1) You can restrict the traffic using the interface ACLs and only allow port 80 and 443 traffic through the ASA device. This you can apply on the DMZ interface.

2) For this, I think you might need to port forward ports 443 and 25 from the public IP to the Microsoft server, or you can also apply a one-to-one NAT on the ASA device and allow the ACL on the outside interface.

Let me know if you have any other queries.

Thanks and Regards,

Vibhor Amrodia

Please define the configuration for these two points.

Thanks

Navaz

Hi,

1)

access-list DMZ-To-outside permit tcp any any eq 80
access-list DMZ-To-outside permit tcp any any eq 443
access-list DMZ-To-outside deny ip any any

2)

object network Outlook
 host <Private IP>
 nat (inside,outside) static interface service tcp 25 25

object network Outlook-Https
 host <Private IP>
 nat (inside,outside) static interface service tcp 443 443

Thanks and Regards,

Vibhor Amrodia
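As an added example that is not part of Vibhor's reply or Cisco's documentation, the following pulls the fragments above (and the RDP sample from the first reply) together into one ASA 8.3+/8.4 configuration for both requirements. Two things the fragments leave out matter in practice: an access-list does nothing until it is bound with access-group, and from 8.3 onward an inbound rule must name the real (inside) address, not the mapped one. It assumes the interface names inside, dmz and outside, the LAN 172.16.20.0/24, the Outlook server 172.16.20.42 and the DMZ proxy 10.1.1.103 (addresses that appear elsewhere in this thread); substitute your own.

```cisco
! Added example for ASA 8.3 and later (object NAT). Not from the original post.
! Assumed nameifs: inside, dmz, outside.
! Assumed addresses: LAN 172.16.20.0/24, Outlook server 172.16.20.42, DMZ proxy 10.1.1.103.
!
! --- Outbound PAT for the LAN and for the DMZ proxy (unidirectional, so dynamic is enough) ---
object network LAN
 subnet 172.16.20.0 255.255.255.0
 nat (inside,outside) dynamic interface
object network DMZ-PROXY
 host 10.1.1.103
 nat (dmz,outside) dynamic interface
! inside -> dmz needs no NAT statement on 8.3+; higher-to-lower security passes by default.
!
! --- Static PAT for the Outlook server: one object per forwarded port ---
object network OUTLOOK-SMTP
 host 172.16.20.42
 nat (inside,outside) static interface service tcp 25 25
object network OUTLOOK-HTTPS
 host 172.16.20.42
 nat (inside,outside) static interface service tcp 443 443
!
! --- Inbound ACL: on 8.3+ the rule references the REAL address of the server ---
! Narrow "any" to the peer mail relays' addresses if they are known.
access-list outside-inside extended permit tcp any host 172.16.20.42 eq 25
access-list outside-inside extended permit tcp any host 172.16.20.42 eq 443
access-group outside-inside in interface outside
!
! --- DMZ ACL: only the proxy host may open HTTP/HTTPS; everything else is logged and dropped ---
access-list DMZ-To-outside extended permit tcp host 10.1.1.103 any eq 80
access-list DMZ-To-outside extended permit tcp host 10.1.1.103 any eq 443
access-list DMZ-To-outside extended deny ip any any log
access-group DMZ-To-outside in interface dmz
```

The DMZ rules use host 10.1.1.103 rather than any as the source, so a second machine placed in the DMZ gets no Internet access by default, and the explicit deny carries log so attempts show up in syslog. Because the outside interface's tcp/443 is now handed to the server, ASDM must listen on another port (http server enable 4443, as the later reply in this thread also notes).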

It gives an error:

ACTIVE(config)# host 172.16.20.42
ERROR: Invalid hostname: '172.16.20.42'
INFO: A hostname must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen.

ACTIVE(config)#

Navaz

Hi,

You don't have to exit out of the object sub-configuration.

ACTIVE(config-obj)# host 172.16.20.42
ACTIVE(config-obj)# nat (inside,outside) static interface service tcp 443 443

Thanks and Regards,

Vibhor Amrodia

Now I got this error:

ACTIVE(config)# object network Outlook        
ACTIVE(config-network)# host 172.16.20.42     
ERROR: Invalid hostname: '172.16.20.42'
INFO: A hostname must start and end with a letter or digit, and have as interior characters only letters, digits, or a hyphen.
ACTIVE(config)# 

Navaz

Hi,

Which version are you using on the ASA device?

This should look like this:-

ciscoasa(config)# object network outlook
ciscoasa(config-network-object)# host 172.16.20.42
ciscoasa(config-network-object)#

Thanks and Regards,

Vibhor Amrodia

Same result, but the version is below:

ASA5510

Cisco Adaptive Security Appliance Software Version 8.2(5) 
Device Manager Version 6.4(5)

Navaz

Hi,

Yes, so as I pointed out earlier, this is not available on ASA 8.2.

Thanks and Regards,

Vibhor Amrodia

Then how can I configure this ASA? Please provide the solution.

Navaz

Hi,

I would request you to add the details correctly in the post for us to assist you with your queries.

In the post header, you mentioned the software code as ASA 8.4.2.

In ASA 8.2.5, this would be the configuration:-

1)

access-list DMZ-To-outside permit tcp any any eq 80
access-list DMZ-To-outside permit tcp any any eq 443
access-list DMZ-To-outside deny ip any any

2)

static (inside,outside) tcp interface 25 <Private IP> 25 netmask 255.255.255.255
static (inside,outside) tcp interface 443 <Private IP> 443 netmask 255.255.255.255

access-list outside-inside permit tcp any interface outside eq 25
access-list outside-inside permit tcp any interface outside eq 443

Also, as you would be forwarding port 443 from the ASA outside interface IP, please change the port that the ASA listens on for ASDM:-

http server enable 4443

Thanks and Regards,

Vibhor Amrodia

In point 2

I configured the NAT outside to inside:

static (inside,outside) tcp interface 172.16.20.0 25 25
static (inside,outside) tcp interface 172.16.20.0 443 443

access-list outside-inside permit tcp any interface outside eq 25
access-list outside-inside permit tcp any interface outside eq 443

But it's not working, and I configured Outlook on SSL ports 995 and 465 but it's not working, not even pinging, and my PC IP address is 172.16.20.42/24.

Thanks

Navaz
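As an added example (not from any participant in this thread), these are the checks a practitioner would run on the ASA after entering a static PAT, to see where a connection is dropped instead of guessing. They work on 8.2 and later. The outside source 203.0.113.5:40000 is a constructed test value and 198.51.100.1 is an assumed ASA outside IP; use your own.

```cisco
! Added example: verification after configuring static PAT. Not from the original post.
! Constructed values: outside source 203.0.113.5:40000; assumed ASA outside IP 198.51.100.1.
!
! Simulate an inbound SMTP connection. Every phase (ACCESS-LIST, NAT, ...) should report ALLOW;
! the first DROP names the phase that is misconfigured.
packet-tracer input outside tcp 203.0.113.5 40000 198.51.100.1 25
!
! Confirm the static entries were accepted as intended (mapped port, real host, real port).
! 8.2:   show run static
! 8.3+:  show nat
show run static
show xlate
!
! Confirm the ACL is actually bound to the interface; hit counts should move during a test.
show run access-group
show access-list outside-inside
!
! Watch syslog for denies involving the server while a connection is attempted from outside.
show logging | include 172.16.20.42
```

Two points this surfaces for the situation above: a static PAT for tcp/25 and tcp/443 translates only those TCP ports, so ICMP sent to the outside address terminates on the ASA itself and is not answered unless icmp permit is configured for that interface, which makes ping a poor test of the mapping; and ports 995 and 465 each need their own static line plus their own ACL entry before packet-tracer will show ALLOW for them.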