Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

simple configuration but not working

very simple configuration, but for some reason its not working...im trying to get the outside to reach inside via port www...the hitcnt on show access list increases but www not showing up on outside pc...any ideas?...oh yeah, this is a brand new asa 5520...this is the first using 7.0 code...more familar with 5 - 6.3 code...

thanks in advance

interface Ethernet0/0

speed 100

nameif outside

security-level 0

ip address 192.168.101.1 255.255.255.0

!

interface Ethernet0/1

speed 100

nameif inside

security-level 100

ip address 10.100.245.1 255.255.255.0

access-list outside extended permit tcp host 192.168.101.5 host 10.100.245.5 eq www

access-group outside in interface outside

static (inside,outside) 10.100.245.5 10.100.245.5 netmask 255.255.255.255

1 ACCEPTED SOLUTION

Accepted Solutions

Re: simple configuration but not working

I don't see anything wrong in your configuration.

Does your www server use the inside interface (10.100.245.1) as it's gateway?

Post the output of 'show nat' if you are still having problems?

HTH

Sundar

5 REPLIES

Re: simple configuration but not working

I don't see anything wrong in your configuration.

Does your www server use the inside interface (10.100.245.1) as it's gateway?

Post the output of 'show nat' if you are still having problems?

HTH

Sundar

New Member

Re: simple configuration but not working

ill check in the morning...well, i think i used the correct gateway, unless i fat fingered it...ill post back in the morning...

thanks again for the response...

Re: simple configuration but not working

Have you tryed other options as:

Static translation :

access-list acl_out permit tcp any host YourPublic-IP eq www

access-group acl_out in interface outside

static (inside,outside) YourPublic-IP Local-IP netmask 255.255.255.255 0 0

Port address translation:

access-list acl_out permit tcp any PublicIP eq http

access-group acl_out in interface outside

static (inside,outside) tcp PublicIP http inside-IP http netmask 255.255.255.255 0 0

Or simply use a NONAT and an ACL as you have in your example. This diables NAT but the outside ACL is still needed.

access-list no_nat_inside extended permit ip any any

nat (inside) 0 access-list no_nat_inside

Note: Do not forget after changing the static to reset the translation table. Be aware that this will reset all connections.

Execute:

clear xlate

sincerely

Patrick

New Member

Re: simple configuration but not working

yep, it was fat fingered...my gateway ip address on my laptop was incorrect...fw is working great!...

thanks for everybody who replied...

New Member

Re: simple configuration but not working

Hi,

Just a few debug ideas.

Check the log on the ASDM/CLI to see what exact error it is giving, if any at all. If there is no error then probably you have an HTTP server misconfiguration or even a routing problem on your LAN.

Another thing you can do is just "telnet 10.100.245.5 80" and see if it goes through.

Hope it helps.

Paulo

136
Views
0
Helpful
5
Replies
CreatePlease to create content