Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

web access config

Hello all,

i have a webserver on a dmz that is accessible from anyone on the internet. I want customers to be able to sign in through https and see account information that is stored on another server on another more secure dmz.

i have already successflly configured access for customers from the internet to the webserver and i created an access list allowing the web server to access the server with cust. acct. info through http. Problem is when i test this, the page with the customer info is not displayed. i can ping in both directions between the two servers so i know the connectivity is there. i'm not sure if the traffic between the two servers should be https or if this design is even the most practical idea

The IT manager is suggesting that i move the server with the customer account info to the dmz with the webserver but i have serious security concerns about this.

any suggestions?

New Member

Re: web access config

Definitely do not put that customer data server in that DMZ. Have you set up an ACL that allows the http server to communicate to the more secure dmz via tcp port 80 (or whatever port the secure server is using for data transfer)? You will also need a netstat command to allow the two subnets to communicate?

New Member

Re: web access config

Leaving the server with the customer info on a more secure DMZ is the better way to go.

Try enabling logging on the PIX to see what traffic is being dropped.

New Member

Re: web access config

Thanks all for your suggestions, unfortunately it still doesn't work. I monitored the logs and even want as far as opening full ip access between the two servers to test what would be the result. They can still ping each other but the page does not display so i'm starting to suspect its something with the configuation on the servers.

while on the subject, what would be your suggestions for a similar situation where customers need to securely access their information?

thanks again

CreatePlease to create content