Problem with Port Redirection for Port 80

zenab_ahmed · ‎01-09-2008

Hi all,

Lets look my configuration:

static(inside,outside) tcp 23.56.67.78 www 192.168.1.2 www netmask 255.255.255.255

static (inside,outside) tcp 23.56.67.78 smtp 192.168.1.3 smtp netmask 255.255.255.255

access-list out_in permit tcp any host 23.56.67.78 eq www

access-list out_in permit tcp any host 23.56.67.78 eq smtp

access-list out_in applied on outside interface.

Port redirection is working well for SMTP traffic but not working for WWW.

When i check show connection, it shows me that traffic of port 80 reached to my PIX with flags SaAB.

Any help will be highly appreciated.

Thanks

srue · ‎01-09-2008

what is the output of show xlate?

also, 23.56.67.78 isn't the IP of the outside interface, is it?

zenab_ahmed · ‎01-12-2008

Yes 23.56.67.78 is not the outside interface, its our MX record.

Show conn lport 80

TCP out x.y.z:1234 in 23.56.67.78:80 flags SaAB

r.sneekes · ‎01-14-2008

SaAb Means a Syn has been sent but the firewall is waiting for an ack.

In other words there is no return traffic passing thru the firewall. Maybe there's not an active webserver or the packet is beeing droppped between the firewall and webserver.

If the server is in an directly connected network thats unlikely tho.

Make sure there is a active web server on 192.168.1.2 that is active on port 80, and has the correct ip configuration.

zenab_ahmed · ‎01-14-2008

Thanks for your suggestion.

My web server is active, I can access from inside network.

I feel there is some routing issues for not reaching back to the firewall.

Thanks