Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DMZ Web server cannot Access by internet User

Status
Not open for further replies.
glory3321

glory3321

IS-IT--Management
Aug 14, 2001
27
DE
I would like to thank Yizhar and the rest for helping me out on this config... I still have one Problem the Web server on DMZ cannot be access by the internet user outside.

Here are details


outside IP - 210.196.101.138 /29
Inside IP - 192.168.1.1 /24
DMZ IP - 192.168.2.1/24
DMZ Web Server IP - 192.168.2.2/24
External Web server IP 210.196.101.140/29

Internal DNS = none
External DNS - yes ... provided by ISP

SQL server inside - 192.168.1.2

On the configuration below I have to problem accessing the internet from the Inside network.

Inside to DMZ access no problem also.
DMZ Webserver access to Internal Sql server no problem also.

However from the Internet it cannot access the Webserver from the DMZ .. although I made some static config already

here is the configuration and I hope you can correct me where I made a mistake.


ip address outside 210.196.101.138 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip address dmz 192.168.2.1 255.255.255.0


global (outside) 1 210.196.101.141 netmask 255.255.255.248
global (dmz) 1 192.168.2.100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (dmz) 1 0.0.0.0 0.0.0.0 0 0

alias (inside) 210.196.101.140 192.168.2.2 255.255.255.255

static (dmz,outside) 210.196.101.140 192.168.2.2 netmask 255.255.255.255 0 0

static (inside,dmz) 192.168.1.2 192.168.1.2 netmask 255.255.255.255 0 0

conduit permit tcp host 210.196.101.140 eq conduit permit icmp any any
onduit permit tcp host 210.196.101.140 eq conduit permit icmp any any
conduit permit tcp any any
conduit permit udp any any
route outside 0.0.0.0 0.0.0.0 210.196.101.137 1



Everything seems to be fine... but outside users from internet cannot access the Webserver byt using its global ip or DNS name.
 
Sort by date Sort by votes
HI.

The pix config seems to allow the incoming traffic and also to be too much wide open.
So you should also troubleshoot other factors.

Try to traceroute from the Internet to your router/pix/webserver addresses.
You can use tools like

Try to telnet to your router, and then telnet from the router to the web server port 80, like:
telnet 210.196.101.140 80

Or try to connect a workstation to the pix outside interface and try connecting to the web server from it.
Also try to connect the web server directly to router using the global ip and acccess it from the Internet.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ISDPCMAN
  • Locked
  • Question
Cannot connect to TZ-215 Sonicwall appliance with web browser!
Replies
0
Views
148
ISDPCMAN
ISDPCMAN
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
730
Shmid
Shmid
DivemasterBill
  • Locked
  • Question
Cannot connect via the SonicWall Login webpage
Replies
0
Views
145
DivemasterBill
DivemasterBill
markd885
  • Locked
  • Question
PAC file redirect web page to another gateway
Replies
0
Views
114
markd885
markd885
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
135
Russtoleum
Russtoleum

Part and Inventory Search

Sponsor

Back
Top