Asa 5505 outside cant access server in the inside

Answered Question
Apr 15th, 2009
User Badges:

hi, i have an Asa 5505, a pc in the outside with the ip cant access to a server in the inside, pls help...

this is my conf:

ASA Version 8.0(4)


hostname ciscoasa

domain-name default.domain.invalid

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted



interface Vlan1

nameif inside

security-level 0

ip address


interface Vlan2

nameif outside

security-level 0

ip address


interface Ethernet0/0

switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


boot system disk0:/asa804-k8.bin

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

access-list 100 extended permit tcp any host eq www

pager lines 24

logging enable

logging asdm debugging

mtu inside 1500

<--- More --->

mtu outside 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-613.bin

no asdm history enable

arp timeout 14400


global (outside) 1 interface

nat (inside) 1

static (inside,outside) netmask

access-group 100 in interface outside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

<--- More --->

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside


dhcpd address inside

dhcpd enable inside


threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

<--- More --->

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


service-policy global_policy global

prompt hostname context


: end


Correct Answer by vikram_anumukonda about 8 years 3 months ago

got it , but is anything showing up in the logs when you try to access over http

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
andresfmg Thu, 04/16/2009 - 05:16
User Badges:


yes is an error the security-level actually is on 100 right now. but still not work.

any other idea ?

vikram_anumukonda Thu, 04/16/2009 - 05:38
User Badges:
  • Bronze, 100 points or more

don't you need to exempt .4 from DHCP range. logging might be helpful here.

andresfmg Thu, 04/16/2009 - 05:46
User Badges:

from the outside i try to access, then the nat translate to thats the idea becouse from outside cant access directly to

Correct Answer
vikram_anumukonda Thu, 04/16/2009 - 07:58
User Badges:
  • Bronze, 100 points or more

got it , but is anything showing up in the logs when you try to access over http

andresfmg Fri, 04/17/2009 - 05:26
User Badges:

wrong configuration in the server.

wrong ip on gateway,


This Discussion