We have a server which has an application that listens on port 55005. The way the application is accessed is by http://public-ip:55005. I have opened port 55005 on the FWSM and the static and access-lists are as follows:
access-list FR_OUTSIDE extended permit tcp any host public-ip eq 55005
access-group FR_OUTSIDE in int OUTSIDE
The issue is that I get the login page. As soon as I enter the username and password and hit enter, it says page cannot be displayed. On logging the FWSM I cannot find anything being dropped.
I also tried application inspection for http using the following configuration.
match port tcp eq 55005
service-policy HTTP interface OUTSIDE
Now when the outside user tries http://public-ip:55005 I can see that there are hits for the above inspection and that nothing is dropped. But still, after supplying the username and password, we still get page cannot be displayed. I haven't tried with an HTTP map though.
I believe this has got something to do with HTTP traffic going on port 55005. Locally everything works OK.
If anyone has some ideas regarding this, please help.
Check the security level of the interfaces. Traffic does not go through the FWSM from a higher security interface to a lower security interface. You did not apply an access list to the higher security interface to allow traffic through. Unlike the PIX firewall, the FWSM does not automatically allow traffic to pass between interfaces.
Apply an access list to the source interface to allow traffic through.