asa 5510

Unanswered Question
Mar 2nd, 2010
User Badges:


I have a ASA 5510 and connected a box on DMZ1 with a 192.168.xx address and setup nat and ACL to enable http.

But for some reason when I tray to access it from the outside on the Internet I get this messed 

Mar 02 2010 15:02:35: %ASA-0-106100: access-list acl_out permitted tcp outside/xxxxxxx(1575) -> DMZ1/xxxxxx(80) hit-cnt 1 first hit [0x7f22e554, 0x0]

and a time out on the browser.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Francisco Del Cura Tue, 03/02/2010 - 06:56
User Badges:


What kind of NAT have you configured, could you paste the config about it?. Remember you have to configure static NAT in order the communication is bidirectional.


Kureli Sankar Tue, 03/02/2010 - 10:02
User Badges:
  • Cisco Employee,

Pls. see what the builds and the teardown messages say (302015 and 302016 syslogs).

I take it you are using static pat for this flow.


Panos Kampanakis Tue, 03/02/2010 - 17:46
User Badges:
  • Cisco Employee,

You will also need a router to the dmz host and also a stitic rule like

static (dmz,outside) xxxx


static (dmz,outside) tcp xxxx 80 80

I hope it helps.


thomas.olsen Tue, 03/02/2010 - 23:08
User Badges:

I have

The is a box that I directly connected.


ip address

static (DMZ1,outside) netmask

access-group DMZ1_access_in in interface DMZ1
access-list DMZ1_access_in extended permit tcp any any eq www log emergencies
access-list DMZ1_access_in extended deny ip any any

and for some reason i can not connect.



This Discussion