asa 5510

Unanswered Question
Mar 2nd, 2010


I have a ASA 5510 and connected a box on DMZ1 with a 192.168.xx address and setup nat and ACL to enable http.

But for some reason when I tray to access it from the outside on the Internet I get this messed 

Mar 02 2010 15:02:35: %ASA-0-106100: access-list acl_out permitted tcp outside/xxxxxxx(1575) -> DMZ1/xxxxxx(80) hit-cnt 1 first hit [0x7f22e554, 0x0]

and a time out on the browser.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Francisco Del Cura Tue, 03/02/2010 - 06:56


What kind of NAT have you configured, could you paste the config about it?. Remember you have to configure static NAT in order the communication is bidirectional.


Kureli Sankar Tue, 03/02/2010 - 10:02

Pls. see what the builds and the teardown messages say (302015 and 302016 syslogs).

I take it you are using static pat for this flow.


Panos Kampanakis Tue, 03/02/2010 - 17:46

You will also need a router to the dmz host and also a stitic rule like

static (dmz,outside) xxxx


static (dmz,outside) tcp xxxx 80 80

I hope it helps.


thomas.olsen Tue, 03/02/2010 - 23:08

I have

The is a box that I directly connected.


ip address

static (DMZ1,outside) netmask

access-group DMZ1_access_in in interface DMZ1
access-list DMZ1_access_in extended permit tcp any any eq www log emergencies
access-list DMZ1_access_in extended deny ip any any

and for some reason i can not connect.



This Discussion