Web traffic to internal www server through a Cisco ASA 5510
I've been using Cisco PIX for quite some time and didn't had any problems with it. We needed a new firewall for another site and our supplier said that PIX is nearing EOL and recommended to us the ASA. And now my problems.
We have an ASA 5510 with Software Version 7.0. I'm trying to configure the FW to enable web traffic to a server on the internal network. Normally, what I would do with a PIX is just to add the following and it works:
access-list inside_access_to_out permit tcp any host 203.36.xx.xy eq www
apply the access list to the outside interface then clear xlate and it works. With the ASA 5510, I tried doing it and it does not work. Anything else I should be doing to make it work? I checked on the Cisco ASA page and tried the configuration examples there and still didn't work. I found one configuration example http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807d2874.shtml which is new to me thinking that it might be the right solution for me and still it did not work. I reverted to configuring it the "PIX" way.
I don't know where to look at. I didn't expect that there would be much difference with ASA and PIX (is there?).
Please see attachment for the configuration. Any help will be very much appreciated.
Re: Web traffic to internal www server through a Cisco ASA 5510
Your config is fine. The ASA works identically to the PIX (they actually run the same image :-)
I would first enable a capture to make sure packets destined to the web server are reaching the ASA. Once verifying that, then check the syslogs to verify the connection is built, and the reason that it gets torn down. That will shed more light on the issue.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...