ASA 5505 - STATIC NAT PROBLEM

Hi guys,

As you can see in the attached file, I have a web server in the DMZ which has a real IP of 172.168.100.1 and a public IP of 192.168.200.1 (let's assume that this is a public IP address, for security reasons). All necessary configuration regarding natting and access-lists is in place.

From inside I can reach the web server and vice versa.

From the DMZ I can reach the internet. The weird thing is that if I try from a different internet line to ping 192.168.200.1 (the web server's public IP), I can ping it without a problem, but when I try to reach the web server via a browser I receive a timeout error.

If I change my access list entry "access-list OUTSIDE-IN extended permit tcp any host 192.168.200.1 eq 80" to the one below

"access-list OUTSIDE-IN extended permit ip any any"

I am able to access the web server.

I've checked the real-time log viewer, and when I am using "access-list OUTSIDE-IN extended permit tcp any host 192.168.200.1 eq 80" I receive a deny tcp src outside ...by access-group OUTSIDE-IN.

What do you believe is blocking the connection?

Best Regards

Stelios

Stelios

From the looks of your static statement you are running 8.3 or later code.

So in your ACL you need to use the private IP of the server and not the public IP.

Jon
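
The change Jon describes, written out as an ASA configuration fragment. This is an added example, not configuration posted in the thread: the object name WEB-SERVER, the interface names dmz and outside, the form of the NAT statement and the test source address 198.51.100.10 are assumptions, since the poster's attached configuration is not reproduced on the page.

```cisco
! Assumed 8.3+ object NAT for the DMZ web server (hypothetical object name;
! the poster's actual static statement is in the attachment).
object network WEB-SERVER
 host 172.168.100.1
 nat (dmz,outside) static 192.168.200.1
!
! Pre-8.3 style entry from the question. It matches the mapped (public)
! address. On 8.3 and later the interface ACL is checked against the real
! address, so this line never matches and the flow falls through to the
! deny logged against access-group OUTSIDE-IN.
no access-list OUTSIDE-IN extended permit tcp any host 192.168.200.1 eq 80
!
! If the broad test entry from the question is still present, remove it
! so that only the intended service is exposed.
no access-list OUTSIDE-IN extended permit ip any any
!
! 8.3+ entry: permit HTTP to the server's real (private) address.
access-list OUTSIDE-IN extended permit tcp any host 172.168.100.1 eq 80
access-group OUTSIDE-IN in interface outside
!
! Verification from exec mode: simulate an outside client (constructed
! source address and port) connecting to the public address on port 80.
packet-tracer input outside tcp 198.51.100.10 12345 192.168.200.1 80
```

In the packet-tracer output the untranslate step should map 192.168.200.1 to 172.168.100.1 before the access-list phase, and that phase should show the flow allowed by the new entry.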
 

Thanks a lot, Jon, for assisting me in solving this problem.

The weird thing that I can't understand is that ICMP was working without a problem using the above-mentioned access list; however, accessing the web server using www wasn't working.

How do you explain that?
