03-02-2010 06:31 AM - edited 03-11-2019 10:16 AM
Hello
I have a ASA 5510 and connected a box on DMZ1 with a 192.168.xx address and setup nat and ACL to enable http.
But for some reason when I tray to access it from the outside on the Internet I get this messed
Mar 02 2010 15:02:35: %ASA-0-106100: access-list acl_out permitted tcp outside/xxxxxxx(1575) -> DMZ1/xxxxxx(80) hit-cnt 1 first hit [0x7f22e554, 0x0]
and a time out on the browser.
Thomas
03-02-2010 06:56 AM
Hi:
What kind of NAT have you configured, could you paste the config about it?. Remember you have to configure static NAT in order the communication is bidirectional.
Regards
03-02-2010 10:02 AM
Pls. see what the builds and the teardown messages say (302015 and 302016 syslogs).
I take it you are using static pat for this flow.
-KS
03-02-2010 05:46 PM
You will also need a router to the dmz host and also a stitic rule like
static (dmz,outside) xxxx
or
static (dmz,outside) tcp xxxx 80
I hope it helps.
PK
03-02-2010 11:08 PM
I have
The 192.168.1.100 is a box that I directly connected.
DMZ1
ip address 192.168.1.101 255.255.255.0
static (DMZ1,outside) xxx.public.xxx 192.168.1.100 netmask 255.255.255.255
access-group DMZ1_access_in in interface DMZ1
access-list DMZ1_access_in extended permit tcp any any eq www log emergencies
access-list DMZ1_access_in extended deny ip any any
and for some reason i can not connect.
Thomas
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: