I have a problem with my web server on the DMZ behind a Cisco ASA5520. On the outside interface I have a PPPoE DSL connection (I get a static IP address). I made a dynamic NAT for my inside network and a static NAT for the DMZ. I also did a PAT from outside interface port 8080 to the web server (DMZ) port 8081. Under access-group outside-in I created an ACL which allows a group of IPs to access the outside interface on port 8080. I tried with packet tracer but it doesn't allow the traffic through (it goes to the implicit rule instead of my rule).
The problem, I guess, is in the translated IP address. I have a PPPoE connection (username, pass) but I get a static IP - always the same. I think Cisco has a problem with the static ACL (it doesn't know that this is its outside IP address)... I also tried to make the ACL with IP address y.y.y.y (instead of interface outside) but it also doesn't work. I saw via ASDM that it is possible to make a static NAT translation to the outside interface IP (without entering any address). I haven't tried it yet, because the FW is in production.
Does anyone know the right solution for this, please?
Your access-list and access-group configuration is fine, assuming that y.y.y.y is the IP address you get on the outside interface. I'm not sure if you have already used the following static command, but try using a static command like this:
Remove the existing static command first:
no static (dmz,outside) tcp y.y.y.y 8080 172.16.0.2 8081
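For reference, an added configuration sketch (not the answerer's commands and not from the original thread) showing the literal-address static PAT next to the `interface`-keyword form the question mentions from ASDM, with the ACL restricted to a source group and the verification commands. It assumes ASA software 8.2 or earlier; the object-group name `ALLOWED-SRC` and the 203.0.113.x / 198.51.100.x source addresses are constructed placeholders.

```cisco
! Added example. Assumes pre-8.3 ASA NAT syntax (static command).
! From the thread: outside-in, y.y.y.y, 172.16.0.2, ports 8080/8081.
! Constructed for illustration: ALLOWED-SRC and its member addresses.

! --- Before: mapped address written literally ---
! static (dmz,outside) tcp y.y.y.y 8080 172.16.0.2 8081
no static (dmz,outside) tcp y.y.y.y 8080 172.16.0.2 8081

! --- After: mapped address taken from the outside interface itself ---
! (useful when the address is assigned by PPPoE rather than configured)
static (dmz,outside) tcp interface 8080 172.16.0.2 8081 netmask 255.255.255.255

! Only the listed sources may reach the published port.
object-group network ALLOWED-SRC
 network-object host 203.0.113.10
 network-object 198.51.100.0 255.255.255.0

! On pre-8.3 software the outside ACL matches the mapped (public)
! address and port, so the rule references port 8080, not 8081.
access-list outside-in extended permit tcp object-group ALLOWED-SRC interface outside eq 8080
access-group outside-in in interface outside

! --- Verification (privileged EXEC mode) ---
! Simulate a permitted source and check which ACL line is hit.
packet-tracer input outside tcp 203.0.113.10 12345 y.y.y.y 8080 detailed
! Confirm the translation entry and the ACL hit counters.
show xlate
show access-list outside-in
```

In the packet-tracer output, the ACCESS-LIST phase should name the `outside-in` rule rather than the implicit deny, and the UN-NAT/NAT phase should show the translation to 172.16.0.2 port 8081.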