Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
620
Views
0
Helpful
9
Replies

Serevr communication issue between Inside and DMZ Zone

ray_stone
Level 1
Level 1

‎03-30-2008 07:31 AM - edited ‎03-11-2019 05:24 AM

Hi, I have ASA 5505 FW and its configured fine and all internal machines can access DMZ machines and DMZ machines can access the inside machines (Made access rule for this). Now My all Application Server is in DMZ Zone and DB server which is in Internal Zone but there is some issue in communication between Application Server and DB Server. Although, both app server and bd server are able to ping and access the file and print sharing as well but there is some blocking due to which application is not responding but when I swap DB server from Inside Zone to DMZ Zone then Application works but when I switch back to DB Server in internal Zone then Application doesn't work. Communication is proper between Servers but not able to reconize what's an issue(blocking). Can anyone help me??? Thanks

1 person had this problem
Labels:
0 Helpful
9 Replies 9

ray_stone
Level 1
Level 1

‎03-30-2008 07:47 AM

Can anyone resolve this issue urgent. Configuration is attached.

Preview file
7 KB
0 Helpful

emad.silicon
Level 1
Level 1

‎03-30-2008 09:16 AM

Hi Dear :

First of all you have to trun on loggin on your ASA to see if there is any deny , then I thing your problem is an application inspection , this mean you have to add some inspection command on the ASA global_policy to inspect your application , and just to remaind you it is a big mastake that you apply an access-list to DMZ interface permit ip any any this will open a big security back door for hakers friend Never open ip any any from dmz to inside, whatever send me the application name that you install in your server and I'll try to write the commands for you friend.

Emaf Farag.

0 Helpful

ray_stone
Level 1
Level 1
In response to emad.silicon

‎03-30-2008 09:19 AM

IIS application

0 Helpful

ray_stone
Level 1
Level 1
In response to emad.silicon

‎03-30-2008 09:22 AM

I want that I could able to access the machines from DMZ to inside machines and for this I made this rule. I want to use 80,3389,1433 services from DMZ to inside host but if i make access list for these ports then could it be a issue between IIS Server (DMZ Zone) and DB Server (In inside zone) that's why I opened all ports between DMZ to Inside. Please advice.

0 Helpful

husycisco
Level 7
Level 7
In response to ray_stone

‎03-30-2008 10:04 AM

Hi ray

Please rate the posts which helped you in the previous questions you have asked. Rating does not cost any fee.

http://forums.cisco.com/eforum/servlet/NetProf?page=help_rating

Regards

0 Helpful

ray_stone
Level 1
Level 1
In response to husycisco

‎03-30-2008 01:10 PM

Can anyone respond please??

0 Helpful

ray_stone
Level 1
Level 1
In response to ray_stone

‎03-30-2008 06:03 PM

Can anyone reply pl.

0 Helpful

ray_stone
Level 1
Level 1
In response to ray_stone

‎03-31-2008 05:33 AM

Please respond

0 Helpful

acomiskey
Level 10
Level 10
In response to ray_stone

‎03-31-2008 07:25 AM

static (inside,DMZ) 192.168.51.0 192.168.51.0 netmask 255.255.255.0

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card