Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access Web Server from Internet to inside interface

Hi,

I have a problem with my Web Server on LAN (Inside interface). I am not able to reach it from Internet. I have tried many different Access Rules, but can't get it run. When I do a Packet Trace with ASDM, it say an access-list error (see in attachments).

Thanks for your help.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Access Web Server from Internet to inside interface

Hi

In 192.168.0.102 server, enter www.whatismyip.com and check if your global ip is in 217.128.122.x network. Did you request more than 1 IPs from your ISP or this is your only IP?

If this is your only IP, add the following

no static (inside,outside) tcp 217.128.122.84 www intranet www netmask 255.255.255.255 dns

no access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www

static (inside,outside) tcp interface www intranet www netmask 255.255.255.255

access-list outside_access_in extended permit tcp any interface outside eq www

now try to browse the IP, which you see in whatsmyip, from internet in somewhere

9 REPLIES

Re: Access Web Server from Internet to inside interface

Hi, lets take this step by step looking at your config there are couple of things but 1st where is the defaul route, I do not see a default route in asa.

can you issue at command line show route | inc 0.0.0.0 and post output.

Jorge

New Member

Re: Access Web Server from Internet to inside interface

I used "Obtain default route using PPPoE" with Startup Wizard... Is it wrong ?

New Member

Re: Access Web Server from Internet to inside interface

For the access from outside 2 things are required

1) Static Translations

2) ACL

The Screen shot is showing the Packet is getting dropped due the implicit deny policy and its not matching ur configured ACL.

plz corrct me if i am wrong

K

New Member

Re: Access Web Server from Internet to inside interface

You are not wrong.

The ACL is built wrong (its defining a source port of www) to host 217.128.122.84.

access-list outside_access_in extended permit tcp any eq www host 217.128.122.84

It should be

access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www

Please rate helpful posts :)

Tim

New Member

Re: Access Web Server from Internet to inside interface

Hi !

Tks a lot for your help but I have the same error :-(

710003 81.253.x.y 217.128.122.84 TCP access denied by ACL from 81.253.x.y/51574 to outside:217.128.122.84/80

Is it can be a license limit ? Or due to the internal http server of ASA ?

New Member

Re: Access Web Server from Internet to inside interface

My configuration...

New Member

Re: Access Web Server from Internet to inside interface

Correct...

New Member

Re: Access Web Server from Internet to inside interface

Yes, Tim is right above.

Re: Access Web Server from Internet to inside interface

Hi

In 192.168.0.102 server, enter www.whatismyip.com and check if your global ip is in 217.128.122.x network. Did you request more than 1 IPs from your ISP or this is your only IP?

If this is your only IP, add the following

no static (inside,outside) tcp 217.128.122.84 www intranet www netmask 255.255.255.255 dns

no access-list outside_access_in extended permit tcp any host 217.128.122.84 eq www

static (inside,outside) tcp interface www intranet www netmask 255.255.255.255

access-list outside_access_in extended permit tcp any interface outside eq www

now try to browse the IP, which you see in whatsmyip, from internet in somewhere

182
Views
0
Helpful
9
Replies