New Cisco ASA 5515X

adesoba Registered Users Posts: 3
Hello everyone,
I want to migrate a client network from ASA 8.2 to 9.1. Presently, the 8.2 box takes LAN users to the internet, and to a webserver in the DMZ. The DMZ server is accessed both from the LAN with a private IP address and from the internet using its public IP address.
After translating the current 8.2 config, LAN users can access the internet, but cannot browse the webserver in the DMZ; but 'weirdly' can ping it. Kindly share a sample config, if you have conquered this before. Bear in mind that NAT is different in 9.1 compared to 8.2. Here is a part of the config.

interface GigabitEthernet0/0
 nameif outsideif
 security-level 0
 ip address outside-if
interface GigabitEthernet0/1
 nameif insideif
 security-level 100
 ip address inside-if
interface GigabitEthernet0/2
 nameif dmzif
 security-level 50
 ip address dmz-if
object network DMZ-webserver
object network DMZ-webserver_public_IP
 host 19X.2X.4.13
access-list outsideacl extended permit tcp any object DMZ-webserver eq www
access-list dmzacl extended permit ip any any
nat (dmzif,outsideif) source static DMZ-webserver DMZ-webserver_public_IP
object network inside-lan_outside
 nat (insideif,outsideif) dynamic interface
route outsideif outside-router 1
route insideif inside-router 1

There are no other access-lists in the running config.
Many thanks in advance.