09-26-2007 03:22 AM - edited 03-11-2019 04:17 AM
Hi,
we have a new ASA 5510. It will connect to the internet by PPPoE, and for the time being we only have one internal network. What I am trying to do is traditional "NAT forwarding", i.e. forward HTTP requests from internet hosts to port 80 on our server located in the internal network.
What seems to be the problem is that the ACLs are not recognised, as all traffic is identified and dropped by the last implicit rule. I should also mention that I am a complete noob when it comes to Cisco in general; however, I have worked with different firewall brands for years.
I have attached my current config.
Please note that the ASA is not yet installed - I am testing the configurations on a private-only network with the Outside interface connected via DHCP. Connections from the inside to the outside are working; however, I cannot connect from the Outside to the internal server (for the time being I am only testing HTTP and RDP). Please also note that I am using ASDM for config purposes as I am not really comfortable with the CLI yet.
Any pointers or solutions will be highly appreciated.
09-26-2007 04:57 AM
What is the outside interface address? Is it 10.0.102.232? If so, change your static commands and use the "interface" keyword like so...
static (Inside1,Outside) tcp interface www 10.120.0.10 www netmask 255.255.255.255
static (Inside1,Outside) tcp interface 3389 10.120.0.10 3389 netmask 255.255.255.255
Then your acl would simply look like this...
access-list Outside_access_in extended permit tcp any interface outside eq www
access-list Outside_access_in extended permit tcp any interface outside eq 3389
access-group Outside_access_in in interface Outside
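An offline check for the symptom in this thread (inbound traffic falling through to the implicit deny), added here as an example; it is not part of the original posts or any Cisco tool. It assumes the exact command forms shown in the answer, compares interface names case-insensitively, and matches ports literally (`www` is not treated as equal to `80`); the function name `audit` and the sample config are constructed for illustration.

```python
import re

# Constructed sample: the answer's commands with the RDP permit left out.
SAMPLE_CONFIG = """\
static (Inside1,Outside) tcp interface www 10.120.0.10 www netmask 255.255.255.255
static (Inside1,Outside) tcp interface 3389 10.120.0.10 3389 netmask 255.255.255.255
access-list Outside_access_in extended permit tcp any interface outside eq www
access-group Outside_access_in in interface Outside
"""

STATIC_RE = re.compile(
    r"^static \((\S+?),(\S+?)\) tcp interface (\S+) (\S+) (\S+)", re.I | re.M)
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit tcp any interface (\S+) eq (\S+)", re.I | re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.I | re.M)


def audit(config):
    """Return (port, inside_host, reason) for each static PAT that inbound traffic cannot reach."""
    # Interface name (lower-cased, an assumption of this sketch) -> ACL bound inbound on it.
    bound = {ifc.lower(): acl for acl, ifc in GROUP_RE.findall(config)}
    # (ACL name, interface, port) triples permitted to the interface address.
    permits = {(acl, ifc.lower(), port.lower())
               for acl, ifc, port in ACL_RE.findall(config)}
    findings = []
    for _real_if, mapped_if, port, host, _real_port in STATIC_RE.findall(config):
        acl = bound.get(mapped_if.lower())
        if acl is None:
            findings.append((port, host, "no access-group bound inbound on " + mapped_if))
        elif (acl, mapped_if.lower(), port.lower()) not in permits:
            findings.append((port, host, "no permit in " + acl + "; implicit deny applies"))
    return findings


if __name__ == "__main__":
    for port, host, reason in audit(SAMPLE_CONFIG):
        print("port %s -> %s: %s" % (port, host, reason))
```

An empty result means every static port translation has a matching permit in the ACL applied inbound on the mapped interface.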