Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1149
Views
20
Helpful
20
Replies

Issue with ASA 5510

Go to solution
John Huthmaker
Level 4
Level 4

‎02-08-2012 02:56 PM - edited ‎03-11-2019 03:26 PM

Hello Everyone,

I want to first say that this is my first time ever working on an ASA, so I appologize for the elementary questions.  My task today is allow incoming HTTP, and HTTPS traffic to my internal IP Address.

Currently this firewall is up, and working great.  There are several internal servers, and every service they are presenting to the internet are working fine.  Im using the graphic interface.  I added my server under the "Public Servers" like all of the other objects.  I can see it created the appropriate NAT statement, and access rule.  I applied my change, and saved the settings to flash.

The problem I'm having is the internal server is now essentially cut off from the internet.  I obviously cant access HTTP or HTTPS from the internet, but that server cant get from the lan to the internet either.  Every other server is working fine though.  I checked the order of how the nat rule and access rule are being applied, and I think they're fine.

The only thing I can think of is I need to restart the ASA, but that really surprises me.  I would think that adding a statement in an ASA would just work without a reboot.

Any thoughts?  I can provide screen shots of my Access Rules, NAT rules, and Public Servers list if it helps.

Thank you in advance.  I need to get this fixed asap.

Labels:
0 Helpful
20 Replies 20

Go to solution
John Huthmaker
Level 4
Level 4
In response to Julio Carvajal

‎02-08-2012 04:26 PM

Weird, so everything appears to be fine then?

Alright, I'll contact my isp.  Do I need to turn off that catpure?

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to John Huthmaker

‎02-08-2012 04:42 PM

Hello John.

If you want, yes.

no capture capin

no capture capout

That should do it!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
John Huthmaker
Level 4
Level 4
In response to Julio Carvajal

‎02-08-2012 04:46 PM

Thanks very much for your help

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to John Huthmaker

‎02-08-2012 04:50 PM

Hello John,

My pleasure, let me know if you have any problem with the ISP.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
John Huthmaker
Level 4
Level 4
In response to Julio Carvajal

‎02-08-2012 05:01 PM

You've been very very helpful.  Rather than reinventing the wheel, I chose a different IP address I had available.  Everything is working perfect.

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to John Huthmaker

‎02-08-2012 05:08 PM

Hello John,

Sure, It was a pleasure to work on this with you.

Please mark the question as answered so future users can learn from this.

Regards,

Julio!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card