Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Unable to access website for outside world

I am having a problem with accessing a web server that sits behind a PIX 515e running version 7.2(2)

I have a static which translate the IP address on the external interface to a ip address on the internal network. I also have a access-list which allows HTTP and HTTPS through. I have attached the entried in a txt file.

when I do a show xlate i can see the translations but when I do a show access-list outside_access_in the access list is shown but the hitcount is 0 on each entry the access list is the access list is applied in on the outside interface.

it probably something really simple I just cant see it at the moment.

Many Thanks

5 REPLIES

Re: Unable to access website for outside world

no access-list outside_access_in extended permit tcp any eq www object-group WEBSERVERS_REF eq www

no access-list outside_access_in extended permit tcp any eq https object-group WEBSERVERS_REF eq https

access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq www

access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq https

New Member

Re: Unable to access website for outside world

thanks for that.

I have tried this and it still does not work.

Re: Unable to access website for outside world

try again

in any case you ACL is not correct.

New Member

Re: Unable to access website for outside world

Clear all following commands

no static (inside,outside) tcp xxx.xxx.xxx.xxx www 10.220.2.5 www netmask 255.255.255.255

no static (inside,outside) tcp xxx.xxx.xxx.xxx https 10.220.2.5 https netmask 255.255.255.255

no access-list outside_access_in extended permit tcp any eq www object-group WEBSERVERS_REF eq www

no access-list outside_access_in extended permit tcp any eq https object-group WEBSERVERS_REF eq https

and try this and rate for this post

access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq www

access-list outside_access_in extended permit tcp any object-group WEBSERVERS_REF eq https

static (inside,outside) xxx.xxx.xxx.xxx 10.220.2.5 netmask 255.255.255.255

Clear xlate

Cheers

Re: Unable to access website for outside world

I may guess that in

static (inside,outside) tcp xxx.xxx.xxx.xxx www 10.220.2.5 www netmask 255.255.255.255

static (inside,outside) tcp xxx.xxx.xxx.xxx https 10.220.2.5 https netmask 255.255.255.255

xxx.xxx.xxx.xxx belongs to ASA's interface itself

so you must use another variant

static (inside,outside) tcp interface www 10.220.2.5 www netmask 255.255.255.255

static (inside,outside) tcp interface https 10.220.2.5 https netmask 255.255.255.255

and correct your ACL

159
Views
0
Helpful
5
Replies
CreatePlease to create content