
access to a web server from outside(ASA 5505)

kamilchik
Level 1

Hello, I kindly need advice.

 

I've configured NAT rules as follows:

 

object network HWebServer
host 10.43.1.11
description OutsideWebserver
object network HWebServer
nat (inside,outside) static interface service tcp 80 8087

 

Then I set access rules to allow port 8087 on the outside interface.

 

But still, I cannot open 10.43.1.11:8087 from the Internet side.

 

What can be done to solve this?

 

Thanks in advance

Komil

 


Jouni Forss
VIP Alumni

Hi,

 

The NAT configuration is fine, but the problem is with the ACL you have configured.

 

Since Cisco introduced the new NAT configuration format in ASA software version 8.3 (and above), you always have to allow traffic to the real IP address and also to the real port.

 

Your problem seems to be that you have allowed traffic to the mapped port TCP/8087 and not the real port TCP/80.

 

So make a rule that allows port TCP/80 from the external network and then try again.

 

The reason why you need to allow connections to the real IP address and real port is that the ASA first does the UN-NAT for the destination address and port, and after that it checks the interface ACL. Since the UN-NAT has been done, the destination in that case is the real IP and the destination port is the real port.

 

Hope this helps :)

 

- Jouni
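
The order of operations described in the reply above (UN-NAT first, then the interface ACL), modeled as an added example that is not part of the original thread or Cisco's code. The outside address 198.51.100.1, the ACL contents and all function names are constructed for illustration; only the static PAT rule comes from the question.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    dst_ip: str
    dst_port: int

class StaticPat(NamedTuple):
    mapped_ip: str
    mapped_port: int
    real_ip: str
    real_port: int

class AclEntry(NamedTuple):
    dst_ip: str   # "any" matches every destination address
    dst_port: int

OUTSIDE_IP = "198.51.100.1"  # constructed stand-in for the outside interface address
# From the question: nat (inside,outside) static interface service tcp 80 8087
WEB_PAT = StaticPat(OUTSIDE_IP, 8087, "10.43.1.11", 80)

# Permit-only ACLs; anything unmatched falls through to the implicit deny.
ACL_MAPPED_PORT = [AclEntry("any", 8087)]       # permits the mapped port
ACL_REAL_PORT = [AclEntry("10.43.1.11", 80)]    # permits real IP and real port

def un_nat(pkt: Packet, rules: list) -> Packet:
    """Step 1 (8.3+): rewrite a mapped destination to the real IP and port."""
    for r in rules:
        if (pkt.dst_ip, pkt.dst_port) == (r.mapped_ip, r.mapped_port):
            return Packet(r.real_ip, r.real_port)
    return pkt

def acl_permits(pkt: Packet, acl: list) -> bool:
    """Step 2: the interface ACL sees the packet after UN-NAT."""
    return any(e.dst_ip in ("any", pkt.dst_ip) and e.dst_port == pkt.dst_port
               for e in acl)

def outside_in(pkt: Packet, rules: list, acl: list) -> Optional[Packet]:
    """Return the packet as forwarded to the inside host, or None if dropped."""
    real = un_nat(pkt, rules)
    return real if acl_permits(real, acl) else None

if __name__ == "__main__":
    client = Packet(OUTSIDE_IP, 8087)  # what an Internet client actually sends
    for name, acl in (("mapped-port ACL", ACL_MAPPED_PORT),
                      ("real-port ACL", ACL_REAL_PORT)):
        print(name, "->", outside_in(client, [WEB_PAT], acl) or "dropped")
```
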

Hi ,

Can you share your access-list with me? Have you defined the real IP address 10.43.1.11 on your access-list for service port 80?

 

HTH

Sandy

 
