  1. Junior Member Registered Member
    Join Date
    Mar 2011
    Posts
    2
    #1

    New Cisco ASA 5515X

    Hello everyone,
    I want to migrate a client network from ASA 8.2 to 9.1. Presently, the 8.2 box takes LAN users to the internet, and to a webserver in the DMZ. The DMZ server is accessed both from the LAN with a private IP address and from the internet using its public IP address.
    After translating the current 8.2 config, LAN users can access the internet, but cannot browse the webserver in the DMZ; but 'weirdly' can ping it. Kindly share a sample config, if you have conquered this before. Bear in mind that NAT is different in 9.1 compared to 8.2. Here is a part of the config.


    interface GigabitEthernet0/0
    nameif outsideif
    security-level 0
    ip address outside-if 255.255.255.248
    !
    interface GigabitEthernet0/1
    nameif insideif
    security-level 100
    ip address inside-if 255.255.255.248
    !
    interface GigabitEthernet0/2
    nameif dmzif
    security-level 50
    ip address dmz-if 255.255.255.0
    !
    object network DMZ-webserver
    host 192.168.0.4
    !
    object network DMZ-webserver_public_IP
    host 19X.2X.4.13
    !
    access-list outsideacl extended permit tcp any object DMZ-webserver eq www
    access-list dmzacl extended permit ip any any
    !
    nat (dmzif,outsideif) source static DMZ-webserver DMZ-webserver_public_IP
    object network inside-lan_outside
    nat (insideif,outsideif) dynamic interface
    route outsideif 0.0.0.0 0.0.0.0 outside-router 1
    route insideif 10.0.0.0 255.0.0.0 inside-router 1




    There are no other access-lists in the running config.
    Many thanks in advance.

  2. Fireman
    Join Date
    Feb 2009
    Location
    Texas
    Posts
    55

    Certifications
    A+ Network+ CCSA CCSE CCSE+ CCMSE+Provider-1 CCMSE+VSX CCMA
    #2
    You need to use an object NAT on the DMZ object and make sure you have access groups in the config that are set up for each ACL in use. Also try packet tracer under the tools section of ASDM to simulate the traffic flow and see where it breaks.
    Press RETURN to get started
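
The two checks suggested in the reply above (an object NAT rule on the DMZ object, and an access-group for every ACL) can be run mechanically over a saved config. The script below is an added example, not part of either post: it audits the excerpt exactly as posted, and its regexes are an assumption that covers only the command forms seen in that excerpt. The poster shared only part of the config, so a finding here means "not present in the excerpt", not "not present on the box".

```python
import re

# Excerpt of the config posted in the thread, placeholders kept as posted.
POSTED = """\
object network DMZ-webserver
host 192.168.0.4
!
object network DMZ-webserver_public_IP
host 19X.2X.4.13
!
access-list outsideacl extended permit tcp any object DMZ-webserver eq www
access-list dmzacl extended permit ip any any
!
nat (dmzif,outsideif) source static DMZ-webserver DMZ-webserver_public_IP
object network inside-lan_outside
nat (insideif,outsideif) dynamic interface
"""

SUBMODE = re.compile(r"(host|subnet|range|fqdn|description)\s")
OBJ_NAT = re.compile(r"nat \(\S+,\S+\) (static|dynamic)\s")
MANUAL_NAT = re.compile(r"nat \(\S+,\S+\) (after-auto )?source\s")
ACL_BIND = re.compile(r"access-group (\S+) (?:(?:in|out) interface |global)")


def audit(config):
    """Report ACLs with no access-group, object NAT per object, manual NAT."""
    acls, bound, manual, objects = [], set(), [], {}
    current = None  # network object whose sub-commands we are reading
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"object network (\S+)", line):
            current = m.group(1)
            objects.setdefault(current, False)
        elif current and OBJ_NAT.match(line):
            objects[current] = True       # object (auto) NAT rule
        elif current and SUBMODE.match(line):
            pass                          # still inside the object
        else:
            current = None                # back at global config level
            if m := re.match(r"access-list (\S+) ", line):
                if m.group(1) not in acls:
                    acls.append(m.group(1))
            elif m := ACL_BIND.match(line):
                bound.add(m.group(1))
            elif MANUAL_NAT.match(line):
                manual.append(line)       # manual (twice) NAT rule
    return {"unbound_acls": [a for a in acls if a not in bound],
            "object_nat": objects, "manual_nat": manual}


if __name__ == "__main__":
    for key, value in audit(POSTED).items():
        print(key, "=", value)
```

On the posted excerpt this reports both ACLs as unbound and shows that the DMZ server is translated by a manual NAT rule rather than a rule inside its own network object.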
