Cisco Support Community
Community Member

Server communication issue between Inside and DMZ Zone

Hi, I have an ASA 5505 FW and it's configured fine; all internal machines can access DMZ machines and DMZ machines can access the inside machines (I made an access rule for this). Now all my Application Servers are in the DMZ Zone and the DB server is in the Internal Zone, but there is some issue in communication between the Application Server and the DB Server. Both the app server and DB server are able to ping each other and access file and print sharing as well, but there is some blocking due to which the application is not responding. When I swap the DB server from the Inside Zone to the DMZ Zone the application works, but when I switch the DB server back to the Internal Zone the application doesn't work. Communication is proper between the servers, but I am not able to recognize what the issue (blocking) is. Can anyone help me? Thanks

9 REPLIES
Community Member

Re: Server communication issue between Inside and DMZ Zone

Can anyone resolve this issue urgently? Configuration is attached.

Community Member

Re: Server communication issue between Inside and DMZ Zone

Hi Dear,

First of all, you have to turn on logging on your ASA to see if there is any deny. Then, I think your problem is application inspection; this means you have to add some inspection commands to the ASA global_policy to inspect your application. And just to remind you, it is a big mistake to apply an access-list to the DMZ interface that permits ip any any; this will open a big security back door for hackers, friend. Never open ip any any from DMZ to inside. Whatever, send me the name of the application that you installed on your server and I'll try to write the commands for you, friend.

Emaf Farag.

Community Member

Re: Server communication issue between Inside and DMZ Zone

IIS application

Community Member

Re: Server communication issue between Inside and DMZ Zone

I want to be able to access the inside machines from the DMZ, and for this I made this rule. I want to use the 80, 3389 and 1433 services from the DMZ to the inside host, but if I make an access list for these ports, could it be an issue between the IIS Server (DMZ Zone) and the DB Server (inside zone)? That's why I opened all ports from DMZ to inside. Please advise.
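An added example, not part of the original thread: with logging enabled as suggested above and a port-specific ACL on the DMZ interface in place of `permit ip any any`, this script summarizes ASA deny messages (syslog ID 106023) for DMZ-to-inside traffic, so any port the application still needs beyond 80, 3389 and 1433 shows up as a counted flow. The log lines, the 172.16.1.0/24 DMZ addresses and the ACL name `DMZ_access_in` are constructed assumptions; only the 192.168.51.0/24 inside network appears in the thread.

```python
import re
from collections import Counter

# Constructed sample of ASA syslog output (106023 = packet denied by an ACL).
# Addresses, ports and the ACL name DMZ_access_in are made up for this example.
SAMPLE_LOG = """\
%ASA-4-106023: Deny tcp src DMZ:172.16.1.10/49712 dst inside:192.168.51.20/1433 by access-group "DMZ_access_in" [0x0, 0x0]
%ASA-4-106023: Deny udp src DMZ:172.16.1.10/51544 dst inside:192.168.51.20/1434 by access-group "DMZ_access_in" [0x0, 0x0]
%ASA-4-106023: Deny tcp src DMZ:172.16.1.10/49713 dst inside:192.168.51.20/1433 by access-group "DMZ_access_in" [0x0, 0x0]
%ASA-6-302013: Built inbound TCP connection 101 for DMZ:172.16.1.10/49720 (172.16.1.10/49720) to inside:192.168.51.20/80 (192.168.51.20/80)
%ASA-4-106023: Deny tcp src outside:203.0.113.9/40000 dst DMZ:172.16.1.10/22 by access-group "outside_access_in" [0x0, 0x0]
"""

# Only TCP/UDP denies are parsed; ICMP denies carry type/code instead of ports.
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>tcp|udp) "
    r"src (?P<sif>[^:\s]+):(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)/(?P<dport>\d+)"
)


def denied_flows(log_text, src_if="DMZ", dst_if="inside"):
    """Count denied flows from src_if to dst_if, keyed by (proto, src, dst, dport)."""
    flows = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m and m["sif"] == src_if and m["dif"] == dst_if:
            flows[(m["proto"], m["sip"], m["dip"], int(m["dport"]))] += 1
    return flows


def candidate_rules(flows, acl="DMZ_access_in"):
    """Render each denied flow as a host-to-host permit line, for review only."""
    return [
        f"access-list {acl} extended permit {proto} host {sip} host {dip} eq {dport}"
        for (proto, sip, dip, dport) in sorted(flows)
    ]


if __name__ == "__main__":
    flows = denied_flows(SAMPLE_LOG)
    for flow, hits in flows.most_common():
        print(hits, flow)
    print("\n".join(candidate_rules(flows)))
```

Each generated line is a candidate to review against what the application is supposed to talk to, not a rule to paste in unread.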

Re: Server communication issue between Inside and DMZ Zone

Hi ray

Please rate the posts which helped you in the previous questions you have asked. Rating does not cost any fee.

http://forums.cisco.com/eforum/servlet/NetProf?page=help_rating

Regards

Community Member

Re: Server communication issue between Inside and DMZ Zone

Can anyone respond please??

Community Member

Re: Server communication issue between Inside and DMZ Zone

Can anyone reply pl.

Community Member

Re: Server communication issue between Inside and DMZ Zone

Please respond

Green

Re: Server communication issue between Inside and DMZ Zone

static (inside,DMZ) 192.168.51.0 192.168.51.0 netmask 255.255.255.0
