Cisco Support Community
New Member

Failed to access web server on inside through ASA5505

Hello, I have a very simple issue and need your kind help! I need to access a web server (192.18.81.13) from outside through an ASA5505, and I used static NAT to map it to the outside interface IP, 198.18.81.232. Everything seemed OK, but I failed to access it through http://192.18.81.232, and in the Real-time Log Viewer I found no problems. Please find my config attached. Any suggestions? Thank you!

5 REPLIES
Super Bronze

Hi,

So are you saying that there is only the connected network behind the "outside" interface? I can only see a default route that is pointing towards "inside". Or is there an error in the default route, as in a typical setup you would have it towards "outside", or is this ASA somewhere else than the edge of the internal/external network?

As you can see from the logs, the connection is allowed through the ASA but it ends with SYN Timeout. It either means the server does not reply, or the server (and/or devices between it and the ASA) don't have a route towards the "outside" network of the ASA pointing towards the ASA, so the return traffic for the connection doesn't go where it needs to go.

- Jouni

New Member

My host is connected directly to ASA, and Web server is through a switch. The actual topology is as below,

firewall.jpg

Super Bronze

Ok,

Well according to the logs it seems to me that the clients have correct network configurations as they forward the connection to the ASA. The ASA also seems to have a correct configuration as it builds the connection through the ASA but the connection never fully forms between client and server.

I would suggest checking the network settings of the server to confirm that it has its default gateway set.

If that is fine, then I would confirm that the service itself is running on the server and no software firewall is blocking the connection attempts. You could naturally test the connectivity with some other TCP-based service through the ASA, though you would have to configure the same type of Static PAT (Port Forward) and make the ACL rule addition.

- Jouni

New Member

Checking the gateway sounds very reasonable. I will check next week; no time this week. Thank you!

New Member

It was really the gateway to blame. I set the server's default gateway to the firewall's inside IP and then all was OK. To my knowledge there is no need to set a gateway since they are connected by a switch, so it is strange to me; anyway, it is OK now. Thank you very much!
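
The diagnosis in this thread (connections built by the ASA but torn down with SYN Timeout, traced to a server with no default gateway) can be reproduced as a log check. This is an added example, not part of the original posts: the log lines are constructed in the ASA 302013/302014 message format with documentation-range addresses, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample syslog lines in the ASA 302013/302014 message format.
# All addresses are documentation-range placeholders, not the poster's.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 101 for outside:198.51.100.7/51000 (198.51.100.7/51000) to inside:192.0.2.13/80 (198.51.100.232/80)
%ASA-6-302014: Teardown TCP connection 101 for outside:198.51.100.7/51000 to inside:192.0.2.13/80 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302013: Built inbound TCP connection 102 for outside:198.51.100.7/51001 (198.51.100.7/51001) to inside:192.0.2.13/80 (198.51.100.232/80)
%ASA-6-302014: Teardown TCP connection 102 for outside:198.51.100.7/51001 to inside:192.0.2.13/80 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302014: Teardown TCP connection 90 for outside:198.51.100.9/40000 to inside:192.0.2.20/443 duration 0:01:12 bytes 5321 TCP FINs
"""

TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"(?P<src_if>\S+?):(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<dst_if>\S+?):(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"duration \S+ bytes (?P<bytes>\d+) (?P<reason>.+)$"
)

def syn_timeouts(log_text):
    """Count SYN Timeout teardowns per (client, server, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if m and m["reason"].strip() == "SYN Timeout":
            hits[(m["src"], m["dst"], int(m["dport"]))] += 1
    return hits

def reply_path(server_if, client_ip, gateway=None):
    """How the server would route its SYN-ACK back to the client.

    Simplified model (an assumption): the server has only its connected
    subnet plus an optional default gateway.
    """
    net = ipaddress.ip_interface(server_if).network
    if ipaddress.ip_address(client_ip) in net:
        return "on-link"
    return f"via {gateway}" if gateway else "no route"

def diagnose(log_text, server_if, gateway=None):
    """Pair each SYN-timeout flow with the server's return path."""
    return [
        (client, server, port, count, reply_path(server_if, client, gateway))
        for (client, server, port), count in syn_timeouts(log_text).items()
    ]
```

A result of "no route" for a client outside the server's subnet matches the symptom here: the SYN reaches the server through the switch, but the SYN-ACK has nowhere to go until a default gateway pointing at the ASA's inside address is set.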
