09-13-2007 12:15 PM - edited 03-11-2019 04:10 AM
Hi,
I have not been able to figure out how to set up PAT/ACLs or anything else to get an outside web browser to hit my webserver.
Setup:
cable modem -> ASA 5505 -> PC
                        -> webserver
I'd like everyone on the outside to be able to hit the webserver. I've tried all kinds of different security policies with no luck.
I must not understand the policies and NAT/PAT stuff very well.
Coming from an old Linksys router you told it what port to watch for and then forward it to a host on the inside. The ASA seems MUCH more complicated than that...
Public IP: 1.1.1.1
Inside IP: 192.168.1.1
Looking for the general rules that set this access up. I'll try to use the CLI if you can show the actual commands, otherwise I'm fumbling around in the GUI.
Any help would be appreciated.
09-13-2007 12:17 PM
It's more complicated for good reason.
In its simplest form, these commands will do the trick.
static (inside,outside) interface
access-list outside_access_in permit tcp any interface outside eq 80
access-group outside_access_in in interface outside
This is if you are using the outside interface IP of your ASA to access the webserver.
You can also do this, which would allow you to use the outside interface IP for other services to other servers...
static (inside,outside) tcp interface 80
09-13-2007 12:26 PM
Thank you!
I see where I went wrong... I was setting the source port to 80.
09-13-2007 12:20 PM
Hi
What is the private IP address of the web server, and what is the public IP address you want to present it as? E.g.
if private IP = 192.168.5.1
public IP = 217.22.1.10
then config would be
static (inside,outside) 217.22.1.10 192.168.5.1 netmask 255.255.255.255
access-list acl_inbound permit tcp any host 217.22.1.10 eq 80
access-group acl_inbound in interface outside
HTH
Jon
09-13-2007 12:29 PM
Here are the commands:
static (inside,outside) 1.1.1.1 192.168.1.1
access-list aclout permit tcp any host 1.1.1.1 eq 80
access-group aclout in interface outside
In case 1.1.1.1 is the IP address of the outside interface of ASA, then here are the commands:
static (inside,outside) tcp interface 80 192.168.1.1 80
access-list aclout permit tcp any interface outside eq 80
access-group aclout in interface outside
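
An added example, not part of the thread or any poster's configuration: a small Python check for the mistake the original poster describes, an ACL entry that matches source port 80 instead of destination port 80. It parses tcp/udp access-list lines in the syntax used above and flags permit entries that do not pin a destination port; the ACL names bad_src and wide in the sample are constructed for illustration.

```python
PORT_NAMES = {"www": 80, "http": 80, "https": 443}  # ASA port keywords covered here
OPERATORS = ("eq", "lt", "gt", "neq", "range")

def _address(tokens):
    """Consume one address: any | host IP | interface NAME | NETWORK MASK."""
    head = tokens.pop(0)
    return head if head == "any" else f"{head} {tokens.pop(0)}"

def _port(tokens):
    """Consume an optional port match; return (operator, [ports]) or None."""
    if not tokens or tokens[0] not in OPERATORS:
        return None
    op = tokens.pop(0)
    raw = [tokens.pop(0) for _ in range(2 if op == "range" else 1)]
    return op, [PORT_NAMES.get(p, int(p) if p.isdigit() else p) for p in raw]

def parse_ace(line):
    """Parse one tcp/udp access-list entry; None for anything else."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list":
        return None
    name, rest = tokens[1], tokens[2:]
    rest = rest[1:] if rest[0] == "extended" else rest
    action, proto, rest = rest[0], rest[1], rest[2:]
    if action not in ("permit", "deny") or proto not in ("tcp", "udp"):
        return None
    try:
        src, sport = _address(rest), _port(rest)  # source comes first
        dst, dport = _address(rest), _port(rest)  # then destination
    except IndexError:
        return None  # truncated entry
    return {"name": name, "action": action, "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def audit(config_text):
    """Return (acl_name, issue) for permit entries with no destination port."""
    findings = []
    for line in config_text.splitlines():
        ace = parse_ace(line.strip())
        if not ace or ace["action"] != "permit" or ace["dport"]:
            continue
        issue = "source-port-only" if ace["sport"] else "all-ports"
        findings.append((ace["name"], issue))
    return findings

# Constructed sample; 1.1.1.1 is the asker's placeholder public address.
SAMPLE = """\
access-list aclout permit tcp any interface outside eq 80
access-list bad_src permit tcp any eq 80 interface outside
access-list wide extended permit tcp any host 1.1.1.1
"""
```

A source-port-only entry does not admit ordinary browsers, which connect from ephemeral source ports, yet it permits any sender that uses source port 80 to reach every port on the destination.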