Newb question - How do I open port 443 on ASA 5510

Unanswered Question
May 11th, 2007

Just got a new ASA 5510 and I am having a hard time letting any traffic through. I can ping the outside interface xxx.xxx.xxx.xxx but none of the ports are open.


Ethernet0/0 outside xxx.xxx.xxx.xxx


Ethernet0/1 inside 10.10.10.10


The NIC on my IIS server is 10.10.10.13.


This is about as far as I have gotten. I have been using the ASDM so far. I have tried everything I can think of: static routes (not even really sure if I need this), inside/outside security policies.


I posted the code below. Thanks,


Mike



asdm image disk0:/asdm506.bin
asdm location server 255.255.255.255 inside
no asdm history enable
: Saved
:
ASA Version 7.0(6)
!
hostname badgernetcisco
domain-name dotnet.com
names
name 10.10.10.11 server
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address xxx.xxx.xxx.xxx 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.10.10.10 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
object-group service www tcp-udp
 port-object eq www
access-list outside_access_in extended permit tcp interface outside eq https interface inside eq https
access-list outside_access_out extended permit tcp interface inside eq https interface outside eq https
pager lines 24
logging asdm informational
mtu management 1500
mtu outside 1500
mtu inside 1500
no failover
monitor-interface management
monitor-interface outside
monitor-interface inside
asdm image disk0:/asdm506.bin
no asdm history enable
arp timeout 14400
nat (management) 0 0.0.0.0 0.0.0.0
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
route outside 10.10.10.13 255.255.255.255 xxx.xxx.xxx.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd address server-10.10.10.15 inside
dhcpd dns 216.x.x.192 216.127.221.221
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
dhcpd enable inside
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!


Mike,


Take a look at the following document to assist; it explains how to allow SMTP traffic to a mail server on the inside network.


But the principle for allowing HTTPS (port 443) is the same....


http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008067cf3b.shtml


i.e.,


access-list https_in extended permit tcp any host 209.164.3.5 eq https

access-group https_in in interface outside


static (inside,outside) 209.164.3.5 192.168.2.57 netmask 255.255.255.255


Save and also issue - clear xlate.


PS. Advisable that you start from a fresh configuration as the posted configuration looks a bit messy :)


Hope it helps and please rate posts if it does - good luck, let us know if you need any further help.


Jay
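Jay's three commands applied to Mike's posted addressing, as an added example that is not part of either post: static PAT from TCP/443 on the outside interface address to the IIS host 10.10.10.13, with a matching inbound ACL. It assumes the public address is the outside interface IP (xxx.xxx.xxx.xxx) and that the server really listens on 443.

```cisco
! Added example, not from either post: Jay's pattern applied to Mike's config.
! Assumes the public address is the outside interface IP and that 10.10.10.13
! listens on TCP/443. Keep the "interface" keyword; no extra public IP is needed.
!
! 1. Drop the host route that sends traffic for the inside server out the
!    outside interface; 10.10.10.13 is on the directly connected inside subnet.
no route outside 10.10.10.13 255.255.255.255 xxx.xxx.xxx.1 1
!
! 2. Remove the two posted ACLs and their bindings: both use the firewall's own
!    interface addresses as source and destination, so client traffic never matches.
no access-group outside_access_in in interface outside
no access-group outside_access_out out interface outside
clear configure access-list outside_access_in
clear configure access-list outside_access_out
!
! 3. Static PAT: TCP/443 on the outside interface address -> 10.10.10.13:443.
static (inside,outside) tcp interface https 10.10.10.13 https netmask 255.255.255.255
!
! 4. Inbound ACL on outside: permit only HTTPS to the forwarded address.
!    Everything else is dropped by the implicit deny at the end of the list.
access-list https_in extended permit tcp any interface outside eq https
access-group https_in in interface outside
!
! 5. Save, then flush existing translations so the new static takes effect.
write memory
clear xlate
```

Confirm with `show xlate` and `show access-list https_in` that the translation exists and the ACE hit count increases when a client connects.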

lonnycisco Sun, 05/13/2007 - 10:20

Jay,


I entered the first 3 commands


access-list https_in extended permit tcp any host 209.164.3.5 eq https

access-group https_in in interface outside


static (inside,outside) 209.164.3.5 192.168.2.57 netmask 255.255.255.255




then I submitted. There was a warning error.


Then I could not use the ASDM interface anymore; most parts were blanked out.


Then I tried a clear config command.


Now I can't get in to asdm and it is not assigning dhcp anymore.


Any ideas? I can't get to the server to do a hard reset on the firewall.


Mike
