I'm unable to connect to a host in a DMZ (interface has security level 10), from a host on an "inside" network with security level 100. The host on the DMZ net can ping its gateway, and the "inside" host can ping its gateway. I've applied a rule on the inside interface to allow the host to connect using RDP, FTP, and FTP-data. I've also set up static identity NATs between the two interfaces. The packet tracer shows RDP and FTP packets should pass, and when I attempt to connect from the inside host to the DMZ I can see the connection being made in the firewall's log, but I still can't connect.
To verify remote desktop and the FTP server were working I moved the host to another network (security level 100) and was able to connect.
Here are the pertinent config entries. If I need to provide more information, please let me know.
switchport access vlan 50
interface Vlan50
 nameif dmz
 security-level 10
 ip address 192.168.50.1 255.255.255.0
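The layout the question describes, as an added illustration that is not the poster's configuration: a minimal ASA 8.3+ arrangement for an inside (security level 100) to dmz (security level 10) RDP/FTP flow, followed by the checks that tell an ASA-side block apart from a problem on the DMZ host itself. The dmz subnet 192.168.50.0/24 comes from the post; the inside subnet 192.168.100.0/24 and the .10 host addresses are assumed for the example.

```cisco
! Added example, not the poster's config. Assumed: inside 192.168.100.0/24,
! inside client 192.168.100.10, DMZ server 192.168.50.10.
object network INSIDE-NET
 subnet 192.168.100.0 255.255.255.0
object network DMZ-NET
 subnet 192.168.50.0 255.255.255.0
object network DMZ-HOST
 host 192.168.50.10
!
! Identity NAT so that no broader dynamic rule rewrites inside->dmz traffic.
! On 8.3+ NAT is not required for the flow itself; this only exempts it.
nat (inside,dmz) source static INSIDE-NET INSIDE-NET destination static DMZ-NET DMZ-NET
!
! Once an access-group is applied to inside, the implicit high-to-low permit
! no longer applies, so every needed service is listed explicitly.
access-list INSIDE-IN extended permit tcp 192.168.100.0 255.255.255.0 object DMZ-HOST eq 3389
access-list INSIDE-IN extended permit tcp 192.168.100.0 255.255.255.0 object DMZ-HOST eq ftp
access-list INSIDE-IN extended permit tcp 192.168.100.0 255.255.255.0 object DMZ-HOST eq ftp-data
access-group INSIDE-IN in interface inside
!
! FTP inspection (on by default in global_policy) opens the data channel
! for active and passive FTP, so ftp-data does not need separate pinholes.
policy-map global_policy
 class inspection_default
  inspect ftp
!
! --- Checks, from enable mode ---
! 1) Simulate the RDP SYN; the last lines say ALLOW/DROP and which phase.
packet-tracer input inside tcp 192.168.100.10 40000 192.168.50.10 3389
! 2) A "Built ... connection" syslog only means the SYN was accepted and
!    forwarded. If the entry stays embryonic (flags such as saA, i.e. the
!    ASA is still waiting for the SYN-ACK from the dmz side), the reply never
!    came back: look at the DMZ host's own firewall and default gateway
!    rather than at the ASA rules.
show conn address 192.168.50.10
! 3) Confirm on the wire that the SYN leaves the dmz interface and whether
!    a SYN-ACK returns.
capture DMZCAP interface dmz match tcp host 192.168.100.10 host 192.168.50.10 eq 3389
show capture DMZCAP
no capture DMZCAP
! 4) Counters for anything the ASA dropped silently.
show asp drop
```

The useful distinction is between "no connection built" (an ACL, NAT or routing problem on the ASA, which packet-tracer exposes) and "built but never completed" (the SYN reached the dmz interface and nothing answered), which is what a capture on dmz and the connection flags reveal.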