Access Web Server from Internet to inside interface

Answered Question
Nov 23rd, 2007

Hi,

I have a problem with my Web Server on LAN (Inside interface). I am not able to reach it from the Internet. I have tried many different Access Rules, but can't get it to run. When I do a Packet Trace with ASDM, it reports an access-list error (see attachments).

Thanks for your help.

JORGE RODRIGUEZ Fri, 11/23/2007 - 18:53

Hi, let's take this step by step. Looking at your config there are a couple of things, but first: where is the default route? I do not see a default route in the ASA.

Can you issue show route | inc 0.0.0.0 at the command line and post the output?

Jorge

mhennebicq Tue, 11/27/2007 - 10:36

I used "Obtain default route using PPPoE" with Startup Wizard... Is it wrong?

kunal.shandil Sat, 11/24/2007 - 04:47

For access from outside, 2 things are required:

1) Static Translations

2) ACL

The screenshot shows the packet is getting dropped due to the implicit deny policy, and it's not matching your configured ACL.

Please correct me if I am wrong.

K

mhennebicq Tue, 11/27/2007 - 10:28

Hi!

Thanks a lot for your help, but I have the same error :-(

710003 81.253.x.y 217.128.122.84 TCP access denied by ACL from 81.253.x.y/51574 to outside:217.128.122.84/80

Can it be a license limit? Or is it due to the internal HTTP server of the ASA?

Correct Answer
husycisco Wed, 11/28/2007 - 04:55

Hi

On the 192.168.0.102 server, browse to www.whatismyip.com and check if your global IP is in the 217.128.122.x network. Did you request more than one IP from your ISP, or is this your only IP?

If this is your only IP, add the following:

no static (inside,outside) tcp 217.128.122.84 www intranet www netmask 255.255.255.255 dns

no access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www

static (inside,outside) tcp interface www intranet www netmask 255.255.255.255

access-list outside_access_in extended permit tcp any interface outside eq www

Now try to browse to the IP that you see in whatismyip from somewhere on the Internet.
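
A small config check for the two pieces this thread turns on, the static PAT entry and the ACL applied inbound on the outside interface, added here as an illustration and not posted by anyone in the thread. It assumes pre-8.3 ASA syntax, an access-group line binding outside_access_in to the outside interface (not shown on the page), and that the caller passes in the address the outside interface currently holds; audit, BEFORE and AFTER are names made up for this example.

```python
import re

# Pre-8.3 ASA syntax, as used in the thread.
STATIC = re.compile(r"static \((\w+),(\w+)\) tcp (\S+) (\S+) (\S+) (\S+)")
ACL = re.compile(r"access-list (\S+) extended permit tcp any "
                 r"(?:host (\S+)|interface (\w+)) eq (\S+)")
GROUP = re.compile(r"access-group (\S+) in interface (\w+)")

# Constructed from the thread's commands; the access-group line is assumed.
BEFORE = """\
static (inside,outside) tcp 217.128.122.84 www intranet www netmask 255.255.255.255 dns
access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www
access-group outside_access_in in interface outside
"""
AFTER = """\
static (inside,outside) tcp interface www intranet www netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq www
access-group outside_access_in in interface outside
"""


def audit(config, outside_ip):
    """List problems with each static PAT entry; outside_ip is the address
    the outside interface currently holds (not in the config with PPPoE)."""
    statics, acls, bound = [], [], {}
    for line in map(str.strip, config.splitlines()):
        if m := STATIC.match(line):
            statics.append(m.groups())
        elif m := ACL.match(line):
            acls.append(m.groups())
        elif m := GROUP.match(line):
            bound[m.group(2)] = m.group(1)  # interface name -> ACL name
    findings = []
    for _real_if, mapped_if, mapped, port, _real, _rport in statics:
        if mapped == outside_ip:
            findings.append(f"{port}: mapped address {mapped} is the "
                            f"{mapped_if} interface address, use 'interface'")
        dest = outside_ip if mapped == "interface" else mapped
        permitted = any(
            name == bound.get(mapped_if) and aport == port
            and (host == dest or (aif == mapped_if and dest == outside_ip))
            for name, host, aif, aport in acls)
        if not permitted:
            findings.append(f"{port}: no permit to {dest} in the ACL applied "
                            f"inbound on {mapped_if}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(cfg, "217.128.122.84"))
```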
