cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
496
Views
0
Helpful
4
Replies

asa 5510

thomas.olsen
Level 1
Level 1

Hello

I have a ASA 5510 and connected a box on DMZ1 with a 192.168.xx address and setup nat and ACL to enable http.

But for some reason when I tray to access it from the outside on the Internet I get this messed 

Mar 02 2010 15:02:35: %ASA-0-106100: access-list acl_out permitted tcp outside/xxxxxxx(1575) -> DMZ1/xxxxxx(80) hit-cnt 1 first hit [0x7f22e554, 0x0]

and a time out on the browser.

Thomas

4 Replies 4

Hi:

What kind of NAT have you configured, could you paste the config about it?. Remember you have to configure static NAT in order the communication is bidirectional.

Regards

Pls. see what the builds and the teardown messages say (302015 and 302016 syslogs).

I take it you are using static pat for this flow.

-KS

You will also need a router to the dmz host and also a stitic rule like

static (dmz,outside) xxxx

or

static (dmz,outside) tcp xxxx 80 80

I hope it helps.

PK

I have

The 192.168.1.100 is a box that I directly connected.

DMZ1

ip address 192.168.1.101 255.255.255.0

static (DMZ1,outside) xxx.public.xxx 192.168.1.100 netmask 255.255.255.255

access-group DMZ1_access_in in interface DMZ1
access-list DMZ1_access_in extended permit tcp any any eq www log emergencies
access-list DMZ1_access_in extended deny ip any any

and for some reason i can not connect.

Thomas

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: