New Member

ASA as Firewall

We have an ASA that we use as a VPN and firewall. There is no router between the ASA and internal networks. The internet goes through the ASA. We have a web server with the internal IP address 192.168.100.5. What do we need to set up on the ASA so that the outside world can access our web server 192.168.100.5? At the same time, we also want to protect the web server from hackers. Attached is the config.

Please let me know if you need additional information.  Thanks.

Debra

8 REPLIES

Re: ASA as Firewall

Hi,

This is the public IP of your web server:  66.27.45.84

This is what you're missing:

access-list 101 permit tcp any host 66.27.45.84 eq www

Federico.

Super Bronze

Re: ASA as Firewall

You need to configure the access-list to allow the inbound HTTP connection to the web server's public IP address.

Currently ACL 101 is applied to the outside interface, so here is what you need to add:

access-list 101 permit tcp any host 66.27.45.84 eq 80

Hope that helps

New Member

Re: ASA as Firewall

Thanks both of you for your prompt response and information.  Sorry for the late reply.  I was looking for this post.

May I ask you another question?  This web server is also connected to the SQL server (NATTED public IP address 66.27.45.81).  What do I need to do so that the outside users can also access this SQL server via the web server?  Please let me know if you need additional info. Thanks.

Super Bronze

Re: ASA as Firewall

Can you please elaborate on what you mean by "the outside users can also access this SQL server via the web server"?

Do you mean you would like the outside users to directly access the SQL server on TCP/80 (www), i.e. the SQL server is also listening on port 80?

New Member

Re: ASA as Firewall

Halijenn,

Thanks for your question. That is correct. I want the SQL server to listen to port 80. For example, when I click on one of the links on Cisco.com, the Cisco web site would connect to my SQL database in the background. Then, I see the list of data displayed on my screen. The web server and the SQL server are on two servers. I am running Microsoft SQL 2005. Besides having the SQL database available for outside users, I also want to protect this server from hackers.

Please let me know if my explanation is still not clear.  Thanks.

Debra

Super Bronze

Re: ASA as Firewall

Seems like what you are trying to do is as follows:

User browses to web server --> web server retrieves data from sql server --> web server display result for user

If the above is what you are trying to achieve, then you only need to allow TCP/80 connection to web server.

While the web server retrieves data from the SQL server, they would communicate internally, so the SQL server will post the data retrieval to the web server, and the web server will display the result for the user. There is no need for direct access from the user to the SQL server.

New Member

Re: ASA as Firewall

Halijenn,

Thanks for your prompt response. That is exactly what my question was. You explained it better than I could. So, you don't need to put any ACLs on the SQL server in this case.

May I ask you another question? If I have another web server, do I use a different ACL statement? For example, if my web server's IP address is 66.27.45.85, my ACL statement would be:

access-list 102 permit tcp any host 66.27.45.85 eq 80

Thanks.

Debra

Super Bronze

Re: ASA as Firewall

Spot on, you are absolutely correct.
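
A check for the rules discussed in this thread, as an added example that is not part of the original posts: it parses ASA access-list and access-group lines and reports any inbound permit whose ACL is not bound to an interface, or that reaches a host other than the web servers. The access-group line, the interface name "outside" and the function names parse and audit are assumptions made for the example; the two access-list lines are the ones quoted above.

```python
import re

# Constructed sample. The two access-list lines are quoted from the thread; the
# access-group line is an assumed form of "ACL 101 is applied to the outside interface".
SAMPLE_CONFIG = """\
access-list 101 permit tcp any host 66.27.45.84 eq www
access-list 102 permit tcp any host 66.27.45.85 eq 80
access-group 101 in interface outside
"""

ACE = re.compile(r"access-list\s+(\S+)\s+(?:extended\s+)?permit\s+tcp\s+any\s+host\s+(\S+)\s+eq\s+(\S+)$")
BIND = re.compile(r"access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
PORT_NAMES = {"www": 80, "https": 443}  # ASA keywords for well-known ports


def parse(config):
    """Return ([(acl, host, port)], {acl: interface}) from ASA config text."""
    entries, bound = [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            acl, host, port = m.groups()
            port = int(port) if port.isdigit() else PORT_NAMES.get(port, port)
            entries.append((acl, host, port))
        elif m := BIND.match(line):
            bound[m.group(1)] = m.group(2)
    return entries, bound


def audit(config, web_hosts, allowed_ports=(80,)):
    """List inbound permits that are ineffective or wider than 'web servers on TCP/80'."""
    entries, bound = parse(config)
    findings = []
    for acl, host, port in entries:
        if acl not in bound:
            # An ACL filters interface traffic only when access-group binds it.
            findings.append(f"ACL {acl} is not bound by access-group; permit to {host} port {port} is not evaluated for inbound traffic")
        elif host not in web_hosts:
            findings.append(f"ACL {acl} exposes non-web host {host} on port {port}")
        elif port not in allowed_ports:
            findings.append(f"ACL {acl} opens unexpected port {port} on {host}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, {"66.27.45.84", "66.27.45.85"}):
        print(finding)
```

On the sample, the line for 66.27.45.85 is reported because ACL 102 is not bound to an interface; the ASA accepts one inbound ACL per interface, so the entry only takes effect when it is added to the ACL already applied there.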
