problem with ASA 5540..

punyarthisa
Level 1

I am facing a problem with ASA for providing Application connectivity to intranet hosts. The details are explained below:

The Network structure is as follows:

- Intranet gateway router = 172.16.150.1

- ASA outside interface = 172.16.150.3

- NAT'ed IP to app server = 172.16.150.2

- remote network gateway = 172.16.151.1

Problem:

- Intranet Gateway routers and all hosts to router at all ends can ping each other except ASA.

- Only hosts connected to the router to which the ASA is connected can ping the ASA outside interface and also get TCP access through the ASA.

- But the Intranet gateway router to which the ASA is connected can't ping the ASA.

- The remote hosts can't get TCP access through the ASA; I am getting no hits on the ASA interface.

- If the ASA is connected to a public IP over the Internet with the same settings (only the IP changed), all hosts on the Internet can ping the ASA outside interface and access the web server inside.

The ASA config file is attached. Please help in resolving this problem. I want to enable access to the web server inside the ASA from the outside Intranet on private IPs.

7 Replies

a.alekseev
Level 7

And what is your problem?

The problem is that Intranet hosts outside the ASA cannot get TCP/HTTP access to web servers residing inside the ASA, even after permitting any host to the inside network by access-list.

You should have static NAT for the Intranet hosts.

Which networks have private ip addresses and which networks have public ip?

I have used static NAT as given below

# static (inside,outside) 172.16.150.2 192.168.8.21 netmask 255.255.255.255

Here no public IP is involved: 172.16.0.0/24 is the Intranet network connected on the outside interface of the ASA through router 172.16.150.1, and 192.168.8.21 is the web server IP connected to the inside interface of the ASA.

a.alekseev
Level 7

no access-group inside in interface inside

no access-group inside_out out interface inside

and try again

Does it mean no access list is required on the inside interface? I shall try it out tomorrow and get back to you.

Thanks for guidance.
