Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

problem with ASA 5540..

I am facing a problem with ASA for providing Application connectivity to intranet hosts. The details are explained below:

The Network structure is as follows:

- Intranet gateway router = 172.16.150.1

- ASA outside interface = 172.16.150.3

- NAt'ed IP to app server = 172.16.150.2

- remote network gateway = 172.16.151.1

Problem:

- Intranet Gateway routers and all hosts to router at all ends can ping each other except ASA.

- Only hosts conected to the router to which ASA is connected can ping ASA outside interface and also get tcp access through ASA.

- but Intranet gateway router to which ASA is connected cant ping ASA.

- The remote hosts cant get tcp access through ASA, getting no hits on ASA interface.

- If ASA connected to Public IP over Internet with same settings (only IP changed) all host on internet can ping ASA outside interface and access web server inside.

The ASA config file is attached. Please help in resolving this problem. I want to enable access to web server inside ASA to outside Intranet on private IP's.

7 REPLIES

Re: problem with ASA 5540..

and what is your problem?

New Member

Re: problem with ASA 5540..

problem is that Intranet hosts outside ASA cannot get tcp/http access to web servers residing inside ASA even after permitting any host to inside network by access-list.

Re: problem with ASA 5540..

You should have static NAT for the Intranet hosts.

Re: problem with ASA 5540..

Which networks have private ip addresses and which networks have public ip?

New Member

Re: problem with ASA 5540..

I have used static NAT as given below

# static (inside,outside) 172.16.150.2 192.168.8.21 netmask 255.255.255.255

here no public IP is involved, 172.16.0.0/ 24 is Intranet network connected on outside interface of ASA through router 172.16.150.1, and 192.168.8.21 is web server IP connected to inside interface of ASA.

Re: problem with ASA 5540..

no access-group inside in interface inside

no access-group inside_out out interface inside

and try again

New Member

Re: problem with ASA 5540..

does it mean no access list required on inside interface. I shall try out tomorrow and revert you back.

Thanks for guidance.

154
Views
0
Helpful
7
Replies