I have my current network setup with a domain controller, file server, and workstations. I want to add a web server/ftp server (1 single pc) into the DMZ. I do not have a secondary outside IP to use so I will need to use the same one that I use for my internet connection or my outside connection.
I am new to this and would like some help on what IP to give to the DMZ port on the router and what IP/subnet/gateway to give to the webserver/ftp server. Any additional information I may need to know to configure the router would also be greatly appreciated.
In this example, the server/PC should be assigned an IP in the range 172.16.1.0/24. I'll use 172.16.1.2. Mask is the same (255.255.255.0). Gateway should be set to the same as the dmz interface (172.16.1.1).
For the ASA, you need to configure Port Forwarding to allow web traffic (port 80) and ftp traffic (port 21) to be forwarded to your internal server IP (172.16.1.2 in this example). This is done using the static command like this:
First, this line is not entered correctly in your config:
access-list outside_access_dmz extended permit tcp any interface outside eq www
It seems you forgot the eq www at the end of the line. Still, I don't think this is the cause of the problem. First I'd make sure of the following:
1. Can you access the web/ftp server from its local DMZ LAN? If you can't, make sure any firewalls installed on the server are turned off, including the Windows firewall.
2. Can you ping the server from the ASA? If not, are you connecting the web server directly to the ASA's Ethernet0/7 without using a switch? If so, then you probably need a crossover cable for that.
If all that is checked and it still doesn't work, then try changing the IP range (in all the commands) I gave you to something like 172.20.1.x with a mask 255.255.255.0. I'm saying this because you have other lines in your config that use parts of the 172.16.1.x range. Just in case, to avoid any possible conflicts.
I can't think of another reason why it shouldn't work; I personally tried a very similar scenario and it worked.
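Added example, not part of the thread: a small Python check for the two configuration issues raised in the last reply, namely a `permit tcp` ACL line with no port match (without `eq www` the line matches every TCP port) and existing lines that already use part of the subnet chosen for the DMZ. The sample configuration and the function names are constructed for illustration and are not the poster's config.

```python
import ipaddress
import re

# Constructed sample, not the poster's config. It imitates the situation in
# the reply: an ACL line missing "eq www" and an older line that already uses
# part of 172.16.1.x.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
access-list outside_access_dmz extended permit tcp any interface outside
access-list outside_access_dmz extended permit tcp any interface outside eq ftp
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 172.16.1.128 255.255.255.128
"""

PORT_OPERATORS = {"eq", "range", "lt", "gt", "neq"}
ADDR_MASK = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}) (255(?:\.\d{1,3}){3})\b")


def acl_lines_without_port(config):
    """Return permit tcp/udp ACL lines with no port operator (all ports match).
    Simplification: service object-groups are not understood."""
    hits = []
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["access-list"] and re.search(r"\bpermit (tcp|udp)\b", line):
            if not PORT_OPERATORS & set(words):
                hits.append(line.strip())
    return hits


def lines_overlapping(config, candidate):
    """Return config lines whose address/mask pairs overlap the candidate subnet."""
    wanted = ipaddress.ip_network(candidate)
    hits = []
    for line in config.splitlines():
        for addr, mask in ADDR_MASK.findall(line):
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError:
                continue  # not a valid netmask, so not an address/mask pair
            if net.overlaps(wanted):
                hits.append(line.strip())
                break
    return hits


if __name__ == "__main__":
    for line in acl_lines_without_port(SAMPLE_CONFIG):
        print("no port match:", line)
    for subnet in ("172.16.1.0/24", "172.20.1.0/24"):
        print(subnet, "->", lines_overlapping(SAMPLE_CONFIG, subnet) or "free")
```

Run it against a saved copy of the running configuration before choosing the DMZ range; `host x.x.x.x` entries are not parsed, only address/mask pairs.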