asa 5510

Unanswered Question
Mar 2nd, 2010

Hello


I have an ASA 5510 and connected a box on DMZ1 with a 192.168.xx address and set up NAT and an ACL to enable HTTP.


But for some reason when I try to access it from the outside on the Internet I get this message:


Mar 02 2010 15:02:35: %ASA-0-106100: access-list acl_out permitted tcp outside/xxxxxxx(1575) -> DMZ1/xxxxxx(80) hit-cnt 1 first hit [0x7f22e554, 0x0]


and a time out on the browser.


Thomas

Francisco Del Cura Tue, 03/02/2010 - 06:56

Hi:


What kind of NAT have you configured? Could you paste the config for it? Remember that you have to configure static NAT for the communication to be bidirectional.


Regards

Kureli Sankar Tue, 03/02/2010 - 10:02
User Badges:
  • Cisco Employee,

Pls. see what the builds and the teardown messages say (302015 and 302016 syslogs).

I take it you are using static PAT for this flow.


-KS
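
An added example, not part of any reply in this thread: a small Python script that lines up 106100 ACL permits like the one in the question with the connection build and teardown syslogs suggested above, so a flow that was permitted but timed out can be told apart from one for which no connection was ever built. The sample log lines, addresses and connection ID are constructed, and the 302013/302014 message layout (the TCP counterparts of 302015/302016) is assumed from the standard ASA syslog format.

```python
import re

# Constructed sample (documentation addresses); layouts follow ASA syslogs
# 106100 (ACL hit), 302013 (Built TCP) and 302014 (Teardown TCP).
SAMPLE = """\
Mar 02 2010 15:02:35: %ASA-0-106100: access-list acl_out permitted tcp outside/198.51.100.7(1575) -> DMZ1/203.0.113.10(80) hit-cnt 1 first hit [0x7f22e554, 0x0]
Mar 02 2010 15:02:35: %ASA-6-302013: Built inbound TCP connection 4711 for outside:198.51.100.7/1575 (198.51.100.7/1575) to DMZ1:192.168.1.100/80 (203.0.113.10/80)
Mar 02 2010 15:03:05: %ASA-6-302014: Teardown TCP connection 4711 for outside:198.51.100.7/1575 to DMZ1:192.168.1.100/80 duration 0:00:30 bytes 0 SYN Timeout
Mar 02 2010 15:04:10: %ASA-0-106100: access-list acl_out permitted tcp outside/198.51.100.9(2201) -> DMZ1/203.0.113.10(80) hit-cnt 1 first hit [0x7f22e554, 0x0]
"""

ACL = re.compile(r"%ASA-\d-106100: access-list (\S+) (permitted|denied|est-allowed) (\w+) "
                 r"(\S+)/([\d.]+)\((\d+)\) -> (\S+)/([\d.]+)\((\d+)\)")
BUILT = re.compile(r"%ASA-\d-30201[35]: Built (?:inbound|outbound) (TCP|UDP) connection (\d+) "
                   r"for (\S+?):([\d.]+)/(\d+) \(\S+\) to (\S+?):([\d.]+)/(\d+)")
DOWN = re.compile(r"%ASA-\d-30201[46]: Teardown (TCP|UDP) connection (\d+) .* bytes (\d+)\s*(.*)$")


def diagnose(log_text):
    """Map each ACL-permitted flow (src_ip, src_port, dst_port) to what happened next."""
    verdict, by_conn = {}, {}
    for line in log_text.splitlines():
        if (m := ACL.search(line)) and m.group(2) == "permitted":
            # Destination IP is left out of the key: the ACL line and the
            # Built line may show different (mapped vs. real) addresses.
            key = (m.group(5), int(m.group(6)), int(m.group(9)))
            verdict[key] = "permitted, no connection built"
        elif m := BUILT.search(line):
            key = (m.group(4), int(m.group(5)), int(m.group(8)))
            by_conn[m.group(2)] = key  # remember which flow owns this connection ID
            if key in verdict:
                verdict[key] = "connection built, still open"
        elif m := DOWN.search(line):
            key = by_conn.get(m.group(2))
            if key in verdict:
                reason = m.group(4).strip() or "no reason logged"
                verdict[key] = f"torn down after {m.group(3)} bytes: {reason}"
    return verdict


if __name__ == "__main__":
    for flow, result in diagnose(SAMPLE).items():
        print(flow, "->", result)
```

A teardown with 0 bytes and "SYN Timeout" means the firewall forwarded the SYN but the handshake never completed, which points past the outside ACL toward the translated host's side of the path.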

Panos Kampanakis Tue, 03/02/2010 - 17:46
User Badges:
  • Cisco Employee,

You will also need a router to the DMZ host and also a static rule like


static (dmz,outside) xxxx


or


static (dmz,outside) tcp xxxx 80 80



I hope it helps.


PK

thomas.olsen Tue, 03/02/2010 - 23:08

I have


The 192.168.1.100 is a box that I directly connected.


DMZ1

ip address 192.168.1.101 255.255.255.0


static (DMZ1,outside) xxx.public.xxx 192.168.1.100 netmask 255.255.255.255

access-group DMZ1_access_in in interface DMZ1
access-list DMZ1_access_in extended permit tcp any any eq www log emergencies
access-list DMZ1_access_in extended deny ip any any


and for some reason I cannot connect.


Thomas
