asa5510: why some ports can be forwarded and some not?

Apr 17th, 2007

I have been working on this for over a week with no luck. If I configure the web server in my DMZ to listen on port 5000, I can forward requests coming from outside on port 5000 and everything works fine. If I configure the web server to listen on port 80 and try to forward port 80, I get nowhere. What could be the reason for this? I don't have any access lists that would block traffic on port 80. In fact, all I have is:

access-list outside_in extended permit tcp any host <public IP> eq www

access-list outside_in extended permit tcp any host <public IP> eq 5000

static (dmz,outside) tcp interface www 10.10.5.13 www netmask 255.255.255.255

static (dmz,outside) tcp interface 5000 10.10.5.13 5000 netmask 255.255.255.255

Like I said, with port 5000 everything works fine, but not with port 80. Any suggestions? Thanks in advance...

bstremp Mon, 04/23/2007 - 06:19

Just check that inspection is enabled and whether any other NAT or PAT statement will block the traffic. Check the access list for any number with port 80 that might block it.
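The two configuration checks suggested in the reply above (a second NAT/PAT statement for the same port, and an access-list entry that stops port 80) can be run over a saved config. This is an added example, not part of the original thread: `203.0.113.10` stands in for `<public IP>`, the `deny` line and the `192.168.1.20` redirect are constructed to show a failing case, and inspection settings are not covered.

```python
import re

PORTS = {"www": 80, "https": 443}  # ASA port keywords needed for this sample

STATIC = re.compile(r"static \((\w+),(\w+)\) (tcp|udp) \S+ (\S+) (\S+) (\S+)")
ACL = re.compile(r"access-list \S+ extended (permit|deny) (tcp|udp) any host \S+ eq (\S+)")

def port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def audit(config):
    """Return a list of findings for the static port redirects in `config`."""
    redirects, acl, findings = {}, [], []
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            _real_if, mapped_if, proto, mport, real_ip, _rport = m.groups()
            key = (mapped_if, proto, port(mport))
            prev = redirects.setdefault(key, real_ip)
            if prev != real_ip:  # same outside port claimed by two hosts
                findings.append(f"{proto}/{key[2]} on {mapped_if}: redirected to {prev} and {real_ip}")
        elif m := ACL.match(line):
            acl.append((m[1], m[2], port(m[3])))
    for (_, proto, mport) in redirects:
        # ACL entries are evaluated top-down and the first match decides.
        # Simplification: ACL name and destination host are not compared.
        first = next((act for act, p, n in acl if p == proto and n == mport), "missing")
        if first != "permit":
            findings.append(f"{proto}/{mport}: first matching ACL entry is {first}")
    return findings

# The poster's lines, with a documentation address in place of <public IP>.
PAGE_CONFIG = """
access-list outside_in extended permit tcp any host 203.0.113.10 eq www
access-list outside_in extended permit tcp any host 203.0.113.10 eq 5000
static (dmz,outside) tcp interface www 10.10.5.13 www netmask 255.255.255.255
static (dmz,outside) tcp interface 5000 10.10.5.13 5000 netmask 255.255.255.255
"""
# Constructed failing case: an earlier deny for www and a second www redirect.
CONFLICTING = (
    "access-list outside_in extended deny tcp any host 203.0.113.10 eq www\n"
    + PAGE_CONFIG
    + "static (inside,outside) tcp interface www 192.168.1.20 www netmask 255.255.255.255\n"
)

if __name__ == "__main__":
    print(audit(PAGE_CONFIG))
    print(audit(CONFLICTING))
```

The four lines quoted in the question produce no findings on their own, so these checks are only informative when run over the complete running configuration.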
