11-23-2007 08:08 AM - edited 03-11-2019 04:34 AM
Hi,
I have a problem with my Web Server on the LAN (Inside interface). I am not able to reach it from the Internet. I have tried many different Access Rules, but can't get it to run. When I do a Packet Trace with ASDM, it reports an access-list error (see the attachments).
Thanks for your help.
11-23-2007 06:53 PM
Hi, let's take this step by step. Looking at your config, there are a couple of things, but first: where is the default route? I do not see a default route in the ASA.
Can you issue show route | inc 0.0.0.0 at the command line and post the output?
Jorge
11-27-2007 10:36 AM
I used "Obtain default route using PPPoE" with the Startup Wizard... Is that wrong?
11-24-2007 04:47 AM
For access from outside, two things are required:
1) Static Translations
2) ACL
The screenshot shows the packet is getting dropped due to the implicit deny policy, and it's not matching your configured ACL.
Please correct me if I am wrong.
K
11-26-2007 08:08 PM
You are not wrong.
The ACL is built wrong (it's defining a source port of www) to host 217.128.122.84.
access-list outside_access_in extended permit tcp any eq www host 217.128.122.84
It should be
access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www
Please rate helpful posts :)
Tim
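The difference between the two ACL lines in the post above, as an added example that is not part of the thread: a small Python matcher that evaluates each entry against a packet shaped like the one in the poster's syslog message (source port 51574, destination port 80). It handles only the `tcp <any | host IP> [eq PORT]` form and models the port position alone, not NAT or traffic addressed to the ASA itself; the client address 203.0.113.10 and all function names are constructed for the illustration.

```python
# Added illustration: a minimal matcher for ASA-style extended ACL entries.
# Handles only: permit|deny tcp <any | host IP> [eq PORT] <any | host IP> [eq PORT]
PORT_NAMES = {"www": 80, "https": 443}  # small subset of ASA port keywords


def _take_addr(tok):
    """Consume one address spec ('any' or 'host IP') plus an optional 'eq PORT'."""
    addr = tok.pop(0)
    if addr == "host":
        addr = tok.pop(0)
    elif addr != "any":
        raise ValueError(f"unsupported address spec: {addr}")
    port = None
    if tok and tok[0] == "eq":
        port = PORT_NAMES.get(tok[1]) or int(tok[1])
        del tok[:2]
    return addr, port


def parse_ace(line):
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended" or tok[4] != "tcp":
        raise ValueError("only 'access-list NAME extended <action> tcp ...' is handled")
    rest = tok[5:]
    src, sport = _take_addr(rest)   # an 'eq' here constrains the SOURCE port
    dst, dport = _take_addr(rest)   # an 'eq' here constrains the DESTINATION port
    return {"action": tok[3], "src": src, "sport": sport, "dst": dst, "dport": dport}


def evaluate(acl_lines, src, sport, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        ace = parse_ace(line)
        if (ace["src"] in ("any", src) and ace["dst"] in ("any", dst)
                and ace["sport"] in (None, sport) and ace["dport"] in (None, dport)):
            return ace["action"]
    return "implicit deny"


# The two entries quoted in the post. A browser request uses an ephemeral
# source port and destination port 80; the client IP is a constructed value.
WRONG = "access-list outside_access_in extended permit tcp any eq www host 217.128.122.84"
RIGHT = "access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www"
PACKET = ("203.0.113.10", 51574, "217.128.122.84", 80)

if __name__ == "__main__":
    print("source-port entry:     ", evaluate([WRONG], *PACKET))
    print("destination-port entry:", evaluate([RIGHT], *PACKET))
```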
11-27-2007 10:28 AM
Hi!
Thanks a lot for your help, but I have the same error :-(
710003 81.253.x.y 217.128.122.84 TCP access denied by ACL from 81.253.x.y/51574 to outside:217.128.122.84/80
Can it be a license limit? Or is it due to the internal HTTP server of the ASA?
11-27-2007 10:34 AM
Correct...
11-27-2007 05:59 AM
Yes, Tim is right above.
11-28-2007 04:55 AM
Hi
On the 192.168.0.102 server, go to www.whatismyip.com and check whether your global IP is in the 217.128.122.x network. Did you request more than one IP from your ISP, or is this your only IP?
If this is your only IP, add the following:
no static (inside,outside) tcp 217.128.122.84 www intranet www netmask 255.255.255.255 dns
no access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www
static (inside,outside) tcp interface www intranet www netmask 255.255.255.255
access-list outside_access_in extended permit tcp any interface outside eq www
Now try to browse to the IP that you see on whatismyip from somewhere on the Internet.