07-09-2008 12:52 AM - edited 03-11-2019 06:11 AM
I am having a problem with accessing a web server that sits behind a PIX 515e running version 7.2(2).
I have a static which translates the IP address on the external interface to an IP address on the internal network. I also have an access-list which allows HTTP and HTTPS through. I have attached the entries in a txt file.
When I do a show xlate I can see the translations, but when I do a show access-list outside_access_in the access list is shown but the hitcount is 0 on each entry. The access list is applied in on the outside interface.
It's probably something really simple; I just can't see it at the moment.
Many Thanks
07-09-2008 01:01 AM
no access-list outside_access_in extended permit tcp any eq www object-group WEBSERVERS_REF eq www
no access-list outside_access_in extended permit tcp any eq https object-group WEBSERVERS_REF eq https
access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq www
access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq https
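An added example, not part of the thread: the entries removed above differ from their replacements only in the `eq www` / `eq https` that follows the source `any`, which restricts the client's source port, and browsers connect from ephemeral source ports rather than 80 or 443. The Python sketch below flags permit entries of that shape; the function names are hypothetical and the parser assumes a simplified subset of extended ACL syntax (no service object-groups).

```python
import re

PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operator -> operand count
# Constructed sample: the two entry shapes shown in this thread.
SAMPLE = """\
access-list outside_access_in extended permit tcp any eq www object-group WEBSERVERS_REF eq www
access-list outside_access_in extended permit tcp any eq https object-group WEBSERVERS_REF eq https
access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq www
access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq https
"""

def take_address(tokens, i):
    """Consume 'any' or a two-token spec (host/object-group/interface X, or ip mask)."""
    if tokens[i:i + 1] in (["any"], ["any4"], ["any6"]):
        return tokens[i], i + 1
    return " ".join(tokens[i:i + 2]), i + 2

def take_port(tokens, i):
    """Consume an optional port operator; return (text or None, next index)."""
    if i < len(tokens) and tokens[i] in PORT_OPS:
        n = 1 + PORT_OPS[tokens[i]]
        return " ".join(tokens[i:i + n]), i + n
    return None, i

def parse_ace(line):
    """Parse one extended TCP/UDP entry; return a dict, or None if not applicable."""
    m = re.match(r"access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(tcp|udp)\s+(.*)",
                 line.strip())
    if not m:
        return None
    tokens = m.group(4).split()
    src, i = take_address(tokens, 0)
    src_port, i = take_port(tokens, i)   # present only when the SOURCE port is pinned
    dst, i = take_address(tokens, i)
    dst_port, i = take_port(tokens, i)
    return {"acl": m.group(1), "action": m.group(2), "src": src,
            "src_port": src_port, "dst": dst, "dst_port": dst_port}

def source_port_findings(config):
    """Return (line number, clause) for permits that restrict the client's source port."""
    out = []
    for n, line in enumerate(config.splitlines(), 1):
        ace = parse_ace(line)
        if ace and ace["action"] == "permit" and ace["src_port"]:
            out.append((n, ace["src_port"]))
    return out

if __name__ == "__main__":
    for n, clause in source_port_findings(SAMPLE):
        print(f"line {n}: source port restricted to '{clause}'")
```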
07-09-2008 01:16 AM
Thanks for that.
I have tried this and it still does not work.
07-09-2008 01:32 AM
Try again.
In any case your ACL is not correct.
07-09-2008 01:57 AM
Clear all of the following commands:
no static (inside,outside) tcp xxx.xxx.xxx.xxx www 10.220.2.5 www netmask 255.255.255.255
no static (inside,outside) tcp xxx.xxx.xxx.xxx https 10.220.2.5 https netmask 255.255.255.255
no access-list outside_access_in extended permit tcp any eq www object-group WEBSERVERS_REF eq www
no access-list outside_access_in extended permit tcp any eq https object-group WEBSERVERS_REF eq https
and try this, and rate this post:
access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq www
access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq https
static (inside,outside) xxx.xxx.xxx.xxx 10.220.2.5 netmask 255.255.255.255
Clear xlate
Cheers
07-09-2008 03:03 AM
I may guess that in
static (inside,outside) tcp xxx.xxx.xxx.xxx www 10.220.2.5 www netmask 255.255.255.255
static (inside,outside) tcp xxx.xxx.xxx.xxx https 10.220.2.5 https netmask 255.255.255.255
xxx.xxx.xxx.xxx belongs to the ASA's interface itself
so you must use another variant
static (inside,outside) tcp interface www 10.220.2.5 www netmask 255.255.255.255
static (inside,outside) tcp interface https 10.220.2.5 https netmask 255.255.255.255
and correct your ACL