Access Web Server from Internet to inside interface

mhennebicq

Hi,

I have a problem with my Web Server on LAN (Inside interface). I am not able to reach it from the Internet. I have tried many different Access Rules, but can't get it to run. When I do a Packet Trace with ASDM, it says an access-list error (see attachments).

Thanks for your help.

Accepted Solutions

husycisco

Hi

On the 192.168.0.102 server, go to www.whatismyip.com and check whether your global IP is in the 217.128.122.x network. Did you request more than one IP from your ISP, or is this your only IP?

If this is your only IP, add the following:

no static (inside,outside) tcp 217.128.122.84 www intranet www netmask 255.255.255.255 dns

no access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www

static (inside,outside) tcp interface www intranet www netmask 255.255.255.255

access-list outside_access_in extended permit tcp any interface outside eq www

Now try to browse to the IP that you see in whatismyip from somewhere on the Internet.

9 Replies

JORGE RODRIGUEZ

Hi, let's take this step by step. Looking at your config, there are a couple of things, but first: where is the default route? I do not see a default route in the ASA.

Can you issue show route | inc 0.0.0.0 at the command line and post the output?

Jorge

Jorge Rodriguez

I used "Obtain default route using PPPoE" with the Startup Wizard... Is that wrong?

kunal.shandil

For access from outside, 2 things are required:

1) Static Translations

2) ACL

The screenshot shows the packet is getting dropped due to the implicit deny policy, and it's not matching your configured ACL.

Please correct me if I am wrong.

K

You are not wrong.

The ACL is built wrong (it's defining a source port of www) to host 217.128.122.84.

access-list outside_access_in extended permit tcp any eq www host 217.128.122.84

It should be

access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www

Please rate helpful posts :)

Tim
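The difference between the two access-list lines in the reply above, worked through as an added example (not part of any poster's reply and not Cisco code). It models only how a single extended ACL entry matches a TCP packet, not NAT or the rest of ASA packet processing; the function names and the client address 203.0.113.10 are assumptions, while the ports and destination come from the log line quoted later in the thread.

```python
import ipaddress

NAMED_PORTS = {"www": 80, "https": 443}  # subset of ASA port keywords

def _take_addr(toks):
    """Consume 'any', 'host A.B.C.D' or 'ADDR MASK'; None means any address."""
    t = toks.pop(0)
    if t == "any":
        return None
    if t == "host":
        return ipaddress.ip_network(toks.pop(0) + "/32")
    return ipaddress.ip_network(f"{t}/{toks.pop(0)}")

def _take_port(toks):
    """Consume an optional 'eq PORT'; None means any port."""
    if toks and toks[0] == "eq":
        p = toks[1]
        del toks[:2]
        return NAMED_PORTS[p] if p in NAMED_PORTS else int(p)
    return None

def parse_ace(line):
    """Parse: access-list NAME extended ACTION PROTO SRC [eq P] DST [eq P]"""
    toks = line.split()
    if len(toks) < 7 or toks[0] != "access-list" or toks[2] != "extended":
        raise ValueError("not an extended ACL entry: " + line)
    rest = toks[5:]
    return {"action": toks[3], "proto": toks[4],
            "src": _take_addr(rest), "sport": _take_port(rest),
            "dst": _take_addr(rest), "dport": _take_port(rest)}

def matches(ace, src, sport, dst, dport):
    """True when a TCP packet's addresses and ports all satisfy the entry."""
    ip_ok = lambda net, ip: net is None or ipaddress.ip_address(ip) in net
    port_ok = lambda want, got: want is None or want == got
    return (ip_ok(ace["src"], src) and port_ok(ace["sport"], sport)
            and ip_ok(ace["dst"], dst) and port_ok(ace["dport"], dport))

def lint(ace):
    """Flag a permit that pins the source port but leaves the destination open."""
    if ace["action"] == "permit" and ace["sport"] is not None and ace["dport"] is None:
        return "eq is on the source side; clients connect from ephemeral ports"
    return None

WRONG = "access-list outside_access_in extended permit tcp any eq www host 217.128.122.84"
FIXED = "access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www"
# Constructed packet: the thread elides the client address, so 203.0.113.10 stands in.
PACKET = ("203.0.113.10", 51574, "217.128.122.84", 80)
```

Calling `matches(parse_ace(WRONG), *PACKET)` shows the first entry never matches a browser connection, because its source port is 51574 rather than 80, so the packet falls through to the implicit deny; `lint()` can be run over a saved configuration to catch the same ordering mistake in other entries.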

Hi!

Thanks a lot for your help, but I have the same error :-(

710003 81.253.x.y 217.128.122.84 TCP access denied by ACL from 81.253.x.y/51574 to outside:217.128.122.84/80

Can it be a license limit? Or is it due to the internal HTTP server of the ASA?

My configuration...

Correct...

arif786

Yes, Tim is right above.
