Would you recommend having this line in the access-list applied to the outside interface inbound:
access-list outside_access_in permit tcp any 80 x.x.x.x any
where x.x.x.x is my global address (IP addresses of my internal devices will be translated to x.x.x.x when they go to the internet).
I understand that the ASA will automatically allow the returned traffic from connection requests initiated from the inside to outside, but I see that returned traffic coming back from outside web servers on port 80 is denied.
When the connection is initiated from the inside, the return traffic comes in automatically. We do not need any access-list on the outside interface to permit the return traffic.
If the connection is initiated from outside, then we need a static statement for the translation and an access-list on the outside interface which could permit the traffic. The access-list which you have specified is incorrect, as the correct statement is: access-list outside_access_in permit tcp any host x.x.x.x eq 80
The connection initiated on the outside will have a random source port and 80 as the destination port (if it's an HTTP request). So, specifying 80 as the source port in the access-list will not work.
Do you have the syslogs pertaining to the connection which is initiated from the inside and the return traffic being denied? Is it denied because of an access-list, or does it say "deny tcp no connection from a.b.c.d to x.x.x.x (no existing translation)"? Please clarify.
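The reply's two points (source port versus destination port in the ACL entry, and return traffic matched by connection state rather than by the ACL) shown as a simplified model. This is an added example, not part of the original thread and not how the ASA is implemented; the addresses are constructed documentation-range stand-ins for x.x.x.x and its peers, and NAT is left out.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Rule(NamedTuple):
    """One 'permit tcp' entry of a simplified ACL; None means 'any'."""
    src: Optional[str] = None
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Compare field by field: src, sport, dst, dport.
        return all(w is None or w == h for w, h in zip(self, p))

class Firewall:
    """Toy stateful filter: an outside ACL plus a table of inside-initiated flows."""
    def __init__(self, outside_acl):
        self.outside_acl = list(outside_acl)
        self.conns = set()

    def outbound(self, p: Packet) -> None:
        # Remember the reversed 4-tuple so the reply is recognised later.
        self.conns.add(Packet(p.dst, p.dport, p.src, p.sport))

    def inbound(self, p: Packet) -> str:
        if p in self.conns:
            return "permit (existing connection)"
        if any(r.matches(p) for r in self.outside_acl):
            return "permit (ACL)"
        return "deny"

GLOBAL = "203.0.113.10"  # constructed stand-in for x.x.x.x
# Entry as written in the question: 80 is in the source-port position.
asked = Rule(sport=80, dst=GLOBAL)
# Entry from the reply: any -> host x.x.x.x eq 80.
corrected = Rule(dst=GLOBAL, dport=80)
# Constructed packets: an outside client's HTTP request, and a web server's reply.
request = Packet("198.51.100.7", 51514, GLOBAL, 80)
reply = Packet("192.0.2.80", 80, GLOBAL, 40001)
```

In this model the entry from the question matches only on the port the sender chooses and places no limit on the destination port of x.x.x.x, while the corrected entry restricts inbound traffic to destination port 80.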