As you can see in the attached file, I have a web server in the DMZ which has a real IP of 188.8.131.52 and a public IP 192.168.200.1 (let's assume that this is a public IP address for security reasons). All necessary configuration regarding natting and access-lists is in place.
From inside I can reach the web server and vice versa.
From the DMZ I can reach the internet. The weird thing is that if I try from a different internet line to ping 192.168.200.1 (web server's public IP), I can ping it without a problem, but when I try to reach the web server via a browser I receive a timeout error.
If I change my access list entry "access-list OUTSIDE-IN extended permit tcp any host 192.168.200.1 eq 80" to the below
"access-list OUTSIDE-IN extended permit ip any any"
I am able to access the web server.
I've checked the real-time log viewer, and when I am using the "access-list OUTSIDE-IN extended permit tcp any host 192.168.200.1 eq 80" I receive a deny tcp src outside ...by access-group OUTSIDE-IN.