asa5520 is denying http packets, when i have it permitted!

Unanswered Question
Nov 8th, 2007


I have a cisco asa5520 (new) and while configuring a workstation to permit http syn port 80, the firewall still denies the packets! I can't figure out why it is denying the packets, help!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Fernando_Meza Thu, 11/08/2007 - 12:03


If you are trying to reach a worktation which is located behind the inside interface of the firewall from the outside then you also need to have a static NAT command i.e

static (inside,outside) Public-IP Private-IP netmak

Where Public-IP is the routable IP address that people from the internet will need to know in order to reach your web server.

Private-IP is the real IP address allocated to your server.

The access-list applied to the OUTSIDE interface should look something like this

access-list Outside-In permit tcp any host Public-IP eq 80

access-group Outside-In in interface outside

I hope it helps ... please rate it if it does !!!

Anonymous (not verified) Fri, 11/09/2007 - 06:22


This Discussion