06-25-2007 11:19 AM - edited 02-21-2020 01:34 AM
My problem is that with my new 5505 the outside world does not have access to my web and mail services. when I show access-list, the hit count does not go up when I know there are web and mail requests coming in.
06-25-2007 11:37 AM
Hi
Could you post a sanitised version of your config please.
Jon
06-26-2007 10:53 AM
If you need more of de config, please let my no.
access-list outside_access_in extended permit tcp any host 62.192.102.102 eq 4899
access-list outside_access_in extended permit tcp any host 62.192.102.102 eq https
access-list outside_access_in permit tcp any host 62.192.102.102 eq smtp
access-list outside_access_in extended permit tcp host test1 host 62.192.102.102 eq 65000
access-list outside_access_in extended permit tcp host test2 host 62.192.102.102 eq 65000
access-list nonat1 extended permit ip 192.168.200.0 255.255.255.0 192.168.123.0 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list nonat1
nat (inside) 1 192.168.200.0 255.255.255.0
static (inside,outside) tcp 62.192.102.102 65000 192.168.200.13 65000 netmask 255.255.255.255
static (inside,outside) tcp 62.192.102.102 smtp 192.168.200.5 smtp netmask 255.255.255.255
static (inside,outside) tcp 62.192.102.102 443 192.168.200.5 443 netmask 255.255.255.255
static (inside,outside) tcp 62.192.102.102 4899 192.168.200.5 4899 netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 62.192.102.101 1
06-26-2007 10:55 AM
Is 62.192.102.102 also the outside inteface address of the ASA?
06-27-2007 02:06 AM
no, the address of the outside interface (vlan1) is 62.192.102.202.
06-27-2007 04:49 AM
The config looks fine, as long as 62.192.102.102 is being routed to you it should be ok.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide