I was hoping someone could help me out. I have a web site that calls a web service to retrieve data. I want to put my "Website" in the DMZ and let outside traffic access it, but have it call the "WebService" that would sit on the inside. I can see the DMZ from the inside with no problem (config not shown below). Now, getting the DMZ access to the inside is a different story. Some of my config is below.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 DMZ security30

ip address outside 65.86.251.1 255.255.255.224
ip address inside 172.78.107.1 255.255.0.0
ip address DMZ 192.168.1.1 255.255.255.0

global (outside) 1 interface
global (DMZ) 200 192.168.1.100-192.168.1.110
nat (inside) 0 access-list 102
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
nat (DMZ) 1 0.0.0.0 0.0.0.0 0 0

access-list 102; 5 elements
access-list 102 line 1 permit ip 172.78.107.0 255.255.255.0 192.168.101.0 255.255.255.0
access-list 102 line 2 permit ip 172.78.107.0 255.255.255.0 192.168.102.0 255.255.255.0
access-list 102 line 3 permit ip host 65.86.251.130 any
access-list 102 line 4 permit ip 172.78.107.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 102 line 5 permit ip 172.78.107.0 255.255.255.0 192.168.108.0 255.255.255.0

static (inside,outside) tcp interface smtp 172.78.107.15 smtp netmask 255.255.255.255 0 0
static (inside,outside) 65.86.251.135 172.78..107.16 netmask 255.255.255.255 0 0
static (inside,outside) 65.86.251.136 netmask 255.255.255.255 0 0
static (inside,DMZ) 172.78..107.0 192.168.107.0 netmask 255.255.255.0 0 0

access-group OWA-in in interface outside

access-list OWA-in; 4 elements
access-list OWA-in line 1 permit tcp any host 65.86.251.135 eq https
access-list OWA-in line 2 permit tcp any host 65.86.251.135 eq www
access-list OWA-in line 3 permit tcp any host 65.86.251.136 eq ftp
access-list OWA-in line 4 permit tcp any host 65.86.251.136 eq www
I started to configure a site-to-site and a PPTP VPN; that's the 102 access-list. I also have OWA inside. I would also love to put this in the DMZ and allow it to communicate with my Exchange server on the inside. What can I do? Everything I have tried has not worked.