02-08-2017 11:22 PM - edited 03-12-2019 01:54 AM
Inside I have one server - running two application one is on port number 80 and another is on port 83.
when outside customer accessing the application on port 80 then the web address displaying the
when accessing
both the application
-------------------------------------------------------------------------------------------------------------------
Configured..
Port Redirection (Forwarding) with static, command as below
nat (inside,outside) static 203.0.115.15 net-to-net service tcp www www
Be thankful for your early response and help.
Regards,
Laxman.
02-09-2017 04:15 AM
What you have is a rule for www (port 80) alone. Do you have a rule for port 83 also? Where does the application display the actual ip address?
If you do not have a rule already, create a similar rule for 83 and you should be good. Follow the steps given in this doc to create a port forwarding rule:
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/118996-config-asa-00.html#anc10
02-09-2017 10:03 PM
Hi Rahul,
Thanks for your early response,
When the customer is accessing from external-outside to inside.
I have done the same thing for port 83 also but in
02-10-2017 11:32 AM
I am not entirely sure I understand exaclty what your issue is, but I will answer it as I see it and then we can take it from there.
Your NAT rule looks to be wrong. You are indicating that the ingress interface is inside and that the source address entering the inside interface is 203.0.115.15. I am assuming that this is the public IP and that you have a private address range assigned to the host?
nat (inside,outside) static 203.0.115.15 net-to-net service tcp www www
If my assumption is correct then your NAT rule should look like this:
nat (inside,outside) static net-to-net 203.0.115.15 service tcp www www
If I have misunderstood, then please explain in more detail what the issue is and post a full running configuration (sanitized).
--
Please remember to select a correct answer and rate helpful posts
02-13-2017 02:56 AM
Dear All,
I am in the process of upgrading from a pix505e firewall to an asa5505 (ASA Version 9.1(7)7). I am able to access web server from internet on the pix but after running the following command:
interface Ethernet0/0
switchport access vlan 10
!
interface Ethernet0/1
switchport access vlan 100
interface Vlan10
nameif outside
security-level 0
ip address dhcp setroute
!
interface Vlan100
nameif inside
security-level 100
ip address 192.168.1.254 255.255.255.0
!
object network web_server
host 192.168.1.10
nat (inside,outside) static interface service tcp www www
access-list outside_in extended permit tcp any host192.168.1.10 eq www
access-group outside_in in interface outside
You might as why I am not using dmz, well I am in the process of migrating the servers to the dmz. However, in the meantime the server is in the inside nameif and I need access to the internal web server.
My issue is that the web server cannot be accessed from the outside. I have to revert to using the pix for user to be able to access the webserver for now until this issue is resolved...
Thank you for your quick response
02-17-2017 03:41 AM
Dear All,
I have finally figured out what the issue was. I forgot to change the default gateway of the web server to the new ASA firewall.
Thank you
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: