Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
483
Views
0
Helpful
5
Replies

Unable to access website for outside world

neilplatt
Level 1
Level 1

‎07-09-2008 12:52 AM - edited ‎03-11-2019 06:11 AM

I am having a problem with accessing a web server that sits behind a PIX 515e running version 7.2(2)

I have a static which translate the IP address on the external interface to a ip address on the internal network. I also have a access-list which allows HTTP and HTTPS through. I have attached the entried in a txt file.

when I do a show xlate i can see the translations but when I do a show access-list outside_access_in the access list is shown but the hitcount is 0 on each entry the access list is the access list is applied in on the outside interface.

it probably something really simple I just cant see it at the moment.

Many Thanks

Labels:
Preview file
1 KB
0 Helpful
5 Replies 5

a.alekseev
Level 7
Level 7

‎07-09-2008 01:01 AM

no access-list outside_access_in extended permit tcp any eq www object-group WEBSERVERS_REF eq www

no access-list outside_access_in extended permit tcp any eq https object-group WEBSERVERS_REF eq https

access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq www

access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq https

0 Helpful

neilplatt
Level 1
Level 1
In response to a.alekseev

‎07-09-2008 01:16 AM

thanks for that.

I have tried this and it still does not work.

0 Helpful

a.alekseev
Level 7
Level 7
In response to neilplatt

‎07-09-2008 01:32 AM

try again

in any case you ACL is not correct.

0 Helpful

ray_stone
Level 1
Level 1
In response to neilplatt

‎07-09-2008 01:57 AM

Clear all following commands

no static (inside,outside) tcp xxx.xxx.xxx.xxx www 10.220.2.5 www netmask 255.255.255.255

no static (inside,outside) tcp xxx.xxx.xxx.xxx https 10.220.2.5 https netmask 255.255.255.255

no access-list outside_access_in extended permit tcp any eq www object-group WEBSERVERS_REF eq www

no access-list outside_access_in extended permit tcp any eq https object-group WEBSERVERS_REF eq https

and try this and rate for this post

access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq www

access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq https

static (inside,outside) xxx.xxx.xxx.xxx 10.220.2.5 netmask 255.255.255.255

Clear xlate

Cheers

0 Helpful

a.alekseev
Level 7
Level 7
In response to neilplatt

‎07-09-2008 03:03 AM

I may guess that in

static (inside,outside) tcp xxx.xxx.xxx.xxx www 10.220.2.5 www netmask 255.255.255.255

static (inside,outside) tcp xxx.xxx.xxx.xxx https 10.220.2.5 https netmask 255.255.255.255

xxx.xxx.xxx.xxx belongs to ASA's interface itself

so you must use another variant

static (inside,outside) tcp interface www 10.220.2.5 www netmask 255.255.255.255

static (inside,outside) tcp interface https 10.220.2.5 https netmask 255.255.255.255

and correct your ACL

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card