ASA service-policy

b_learoyd
Level 1

I need to allow outbound access to an IP address on destination port tcp:8443 using https. Simply adding the rule to the rule base doesn't permit the connection even when just restricted by source/destination ip address. Is this because of default-inspection or some other service-policy? Where do I start looking for clues?

Barry.

3 Replies

varakantam
Level 1

Can you post your scenario, e.g. with IPs? I believe you might need to create some kind of NAT/Static with ports.

brandon.smith
Level 1

When you say "outbound access" do you mean that the destination host is on the Internet, or does "outbound access" mean access from the Internet to an inside host? If it's the first meaning, do you have an access list applied to the internal (higher security level) interface? If it's the second meaning, you can use the static command to do a port redirection if I understand what you are wanting to do correctly. Something similar to the following may work for you:

static (inside,outside) tcp 1.1.1.1 8443 2.2.2.2 443

where 1.1.1.1 = public IP address,

and 2.2.2.2 = private IP address

Hope this helps...

b_learoyd
Level 1

Just to clarify, the access is from devices attached to E1 to an Internet IP address. These devices are using a global NAT outbound, and standard http and https work OK. Connections to this destination address on tcp:8443 work when they aren't via the ASA.

Barry.
