Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Asa 5505 outside cant access server in the inside

hi, i have an Asa 5505, a pc in the outside with the ip 10.1.1.6 cant access to a server in the inside 192.168.1.4, pls help...

this is my conf:

ASA Version 8.0(4)

!

hostname ciscoasa

domain-name default.domain.invalid

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

names

!

interface Vlan1

nameif inside

security-level 0

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

ip address 10.1.1.2 255.255.255.0

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

boot system disk0:/asa804-k8.bin

ftp mode passive

dns server-group DefaultDNS

domain-name default.domain.invalid

object-group protocol TCPUDP

protocol-object udp

protocol-object tcp

access-list 100 extended permit tcp any host 10.1.1.3 eq www

pager lines 24

logging enable

logging asdm debugging

mtu inside 1500

<--- More --->

mtu outside 1500

no failover

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-613.bin

no asdm history enable

arp timeout 14400

nat-control

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) 10.1.1.3 192.168.1.4 netmask 255.255.255.255

access-group 100 in interface outside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

dynamic-access-policy-record DfltAccessPolicy

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

<--- More --->

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd auto_config outside

!

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

<--- More --->

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:14e7b74fabc386613ae646b915f60e9e

: end

ciscoasa#

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Asa 5505 outside cant access server in the inside

got it , but is anything showing up in the logs when you try to access 10.1.1.3 over http

8 REPLIES

Re: Asa 5505 outside cant access server in the inside

change the security-level of Vlan1 to 100.

New Member

Re: Asa 5505 outside cant access server in the inside

Hi

yes is an error the security-level actually is on 100 right now. but still not work.

any other idea ?

Re: Asa 5505 outside cant access server in the inside

don't you need to exempt .4 from DHCP range. logging might be helpful here.

New Member

Re: Asa 5505 outside cant access server in the inside

from the outside i try to access 10.1.1.3, then the nat translate to 192.168.1.4 thats the idea becouse from outside cant access directly to 192.168.1.4

Re: Asa 5505 outside cant access server in the inside

got it , but is anything showing up in the logs when you try to access 10.1.1.3 over http

Re: Asa 5505 outside cant access server in the inside

what was the issue ???

New Member

Re: Asa 5505 outside cant access server in the inside

wrong configuration in the server.

wrong ip on gateway,

Re: Asa 5505 outside cant access server in the inside

thanks for letting us know.

146
Views
0
Helpful
8
Replies
CreatePlease to create content