
simple configuration but not working

mrSS

very simple configuration, but for some reason it's not working...I'm trying to get the outside to reach inside via port www...the hitcnt on show access list increases but www not showing up on outside pc...any ideas?...oh yeah, this is a brand new asa 5520...this is the first using 7.0 code...more familiar with 5 - 6.3 code...

thanks in advance

interface Ethernet0/0
 speed 100
 nameif outside
 security-level 0
 ip address 192.168.101.1 255.255.255.0
!
interface Ethernet0/1
 speed 100
 nameif inside
 security-level 100
 ip address 10.100.245.1 255.255.255.0

access-list outside extended permit tcp host 192.168.101.5 host 10.100.245.5 eq www
access-group outside in interface outside
static (inside,outside) 10.100.245.5 10.100.245.5 netmask 255.255.255.255

Accepted Solutions

I don't see anything wrong in your configuration.

Does your www server use the inside interface (10.100.245.1) as its gateway?

Post the output of 'show nat' if you are still having problems.

HTH

Sundar

I'll check in the morning...well, I think I used the correct gateway, unless I fat fingered it...I'll post back in the morning...

thanks again for the response...

Have you tried other options, such as:

Static translation:

access-list acl_out permit tcp any host YourPublic-IP eq www
access-group acl_out in interface outside
static (inside,outside) YourPublic-IP Local-IP netmask 255.255.255.255 0 0

Port address translation:

access-list acl_out permit tcp any host PublicIP eq http
access-group acl_out in interface outside
static (inside,outside) tcp PublicIP http inside-IP http netmask 255.255.255.255 0 0

Or simply use a NONAT and an ACL as you have in your example. This disables NAT but the outside ACL is still needed.

access-list no_nat_inside extended permit ip any any
nat (inside) 0 access-list no_nat_inside

Note: Do not forget after changing the static to reset the translation table. Be aware that this will reset all connections.

Execute:

clear xlate

sincerely

Patrick

yep, it was fat fingered...my gateway ip address on my laptop was incorrect...fw is working great!...

thanks for everybody who replied...

pjhenriqs

Hi,

Just a few debug ideas.

Check the log on the ASDM/CLI to see what exact error it is giving, if any at all. If there is no error then probably you have an HTTP server misconfiguration or even a routing problem on your LAN.

Another thing you can do is just "telnet 10.100.245.5 80" and see if it goes through.

Hope it helps.

Paulo
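An added example, not posted by anyone in this thread: when the ACL hitcnt climbs but the page never loads, capturing the flow on both ASA interfaces shows whether the server's reply ever returns to the firewall. The names cap_www, cap_out and cap_in are assumed; the addresses are the ones from the original configuration.

```cisco
! Capture ACL covering both directions of the test flow
access-list cap_www extended permit tcp host 192.168.101.5 host 10.100.245.5 eq www
access-list cap_www extended permit tcp host 10.100.245.5 eq www host 192.168.101.5
!
! One capture per interface, both filtered by the same ACL
capture cap_out access-list cap_www interface outside
capture cap_in access-list cap_www interface inside
!
! Retry the request from 192.168.101.5, then compare the two captures
show capture cap_out
show capture cap_in
!
! How to read the result:
!  SYN in cap_out but not in cap_in
!    -> the ASA dropped it: check the log, the static and the xlate table
!  SYN in both captures, no SYN-ACK in cap_in
!    -> the ASA forwarded it and nothing came back: check that the server
!       is listening on port 80 and that its default gateway is 10.100.245.1
!  SYN-ACK in cap_in and in cap_out, page still not loading
!    -> the reply left the ASA: check the gateway and routing on 192.168.101.5
!
! Remove the captures and the capture ACL when finished
no capture cap_out
no capture cap_in
no access-list cap_www extended permit tcp host 192.168.101.5 host 10.100.245.5 eq www
no access-list cap_www extended permit tcp host 10.100.245.5 eq www host 192.168.101.5
```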
