Unable to access website for outside world

Unanswered Question
Jul 9th, 2008

I am having a problem with accessing a web server that sits behind a PIX 515e running version 7.2(2).


I have a static which translates the IP address on the external interface to an IP address on the internal network. I also have an access-list which allows HTTP and HTTPS through. I have attached the entries in a txt file.


When I do a show xlate I can see the translations, but when I do a show access-list outside_access_in the access list is shown but the hitcount is 0 on each entry. The access list is applied in on the outside interface.


It's probably something really simple; I just can't see it at the moment.


Many Thanks






a.alekseev Wed, 07/09/2008 - 01:01

no access-list outside_access_in extended permit tcp any eq www object-group WEBSERVERS_REF eq www

no access-list outside_access_in extended permit tcp any eq https object-group WEBSERVERS_REF eq https


access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq www

access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq https

neilplatt Wed, 07/09/2008 - 01:16

Thanks for that.


I have tried this and it still does not work.

ray_stone Wed, 07/09/2008 - 01:57

Clear all of the following commands:


no static (inside,outside) tcp xxx.xxx.xxx.xxx www 10.220.2.5 www netmask 255.255.255.255

no static (inside,outside) tcp xxx.xxx.xxx.xxx https 10.220.2.5 https netmask 255.255.255.255


no access-list outside_access_in extended permit tcp any eq www object-group WEBSERVERS_REF eq www

no access-list outside_access_in extended permit tcp any eq https object-group WEBSERVERS_REF eq https


and try this, and rate this post:


access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq www

access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq https




static (inside,outside) xxx.xxx.xxx.xxx 10.220.2.5 netmask 255.255.255.255


Clear xlate


Cheers

a.alekseev Wed, 07/09/2008 - 03:03

My guess is that in

static (inside,outside) tcp xxx.xxx.xxx.xxx www 10.220.2.5 www netmask 255.255.255.255

static (inside,outside) tcp xxx.xxx.xxx.xxx https 10.220.2.5 https netmask 255.255.255.255

xxx.xxx.xxx.xxx belongs to the ASA's interface itself,

so you must use another variant:

static (inside,outside) tcp interface www 10.220.2.5 www netmask 255.255.255.255

static (inside,outside) tcp interface https 10.220.2.5 https netmask 255.255.255.255


and correct your ACL
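
An added example, not part of the thread or of any poster's configuration: a small Python check for the ACL mistake the replies correct, where `any eq www` constrains the client's source port (normally an ephemeral port), so the entry never records a hit. The function names and the simplified grammar (tcp/udp entries, port operators eq/lt/gt/neq/range, no service object-groups) are assumptions for illustration; the sample lines are the entries quoted in the replies above.

```python
# Illustrative linter (hypothetical helper names): flag permit entries in a
# PIX/ASA extended ACL that match on the *source* port.
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count

def _take_address(tok, i):
    """Consume one address spec at tok[i]; return (text or None, next index)."""
    if i >= len(tok):
        return None, i
    # 'any' is one token; host A | object-group G | interface IF | addr mask are two.
    n = 1 if tok[i] == "any" else 2
    return " ".join(tok[i:i + n]), i + n

def _take_port(tok, i):
    """Consume an optional port spec at tok[i]; return (text or None, next index)."""
    if i < len(tok) and tok[i] in PORT_OPS:
        n = 1 + PORT_OPS[tok[i]]
        return " ".join(tok[i:i + n]), i + n
    return None, i

def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny tcp|udp SRC [port] DST [port]'."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        return None
    if tok[3] not in ("permit", "deny") or tok[4] not in ("tcp", "udp"):
        return None
    src, i = _take_address(tok, 5)
    sport, i = _take_port(tok, i)
    dst, i = _take_address(tok, i)
    dport, i = _take_port(tok, i)
    return {"acl": tok[1], "action": tok[3], "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def source_port_findings(config):
    """Return (line, source-port spec) for permit entries that match a source port."""
    out = []
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("no "):        # removal commands are not live entries
            continue
        ace = parse_ace(line)
        if ace and ace["action"] == "permit" and ace["sport"]:
            out.append((line, ace["sport"]))
    return out

# Entries quoted in the thread: the first two are the ones the replies remove,
# the last two are the replacements.
SAMPLE = """\
access-list outside_access_in extended permit tcp any eq www object-group WEBSERVERS_REF eq www
access-list outside_access_in extended permit tcp any eq https object-group WEBSERVERS_REF eq https
access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq www
access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq https
"""

if __name__ == "__main__":
    for line, sport in source_port_findings(SAMPLE):
        print(f"source port constrained by '{sport}': {line}")
```

Run against the output of show running-config, this flags the first two sample entries and passes the two corrected ones.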
