asa 5510

Unanswered Question
Mar 2nd, 2010

Hello

I have a ASA 5510 and connected a box on DMZ1 with a 192.168.xx address and setup nat and ACL to enable http.

But for some reason when I tray to access it from the outside on the Internet I get this messed 

Mar 02 2010 15:02:35: %ASA-0-106100: access-list acl_out permitted tcp outside/xxxxxxx(1575) -> DMZ1/xxxxxx(80) hit-cnt 1 first hit [0x7f22e554, 0x0]

and a time out on the browser.

Thomas

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Francisco Del Cura Tue, 03/02/2010 - 06:56

Hi:

What kind of NAT have you configured, could you paste the config about it?. Remember you have to configure static NAT in order the communication is bidirectional.

Regards

Kureli Sankar Tue, 03/02/2010 - 10:02

Pls. see what the builds and the teardown messages say (302015 and 302016 syslogs).

I take it you are using static pat for this flow.

-KS

Panos Kampanakis Tue, 03/02/2010 - 17:46

You will also need a router to the dmz host and also a stitic rule like

static (dmz,outside) xxxx

or

static (dmz,outside) tcp xxxx 80 80

I hope it helps.

PK

thomas.olsen Tue, 03/02/2010 - 23:08

I have

The 192.168.1.100 is a box that I directly connected.

DMZ1

ip address 192.168.1.101 255.255.255.0

static (DMZ1,outside) xxx.public.xxx 192.168.1.100 netmask 255.255.255.255

access-group DMZ1_access_in in interface DMZ1
access-list DMZ1_access_in extended permit tcp any any eq www log emergencies
access-list DMZ1_access_in extended deny ip any any

and for some reason i can not connect.

Thomas

Actions

This Discussion