11-08-2007 10:17 AM - edited 03-09-2019 07:18 PM
Hi,
I have a cisco asa5520 (new) and while configuring a workstation to permit http syn port 80, the firewall still denies the packets! I can't figure out why it is denying the packets, help!
11-08-2007 12:03 PM
Hi,
If you are trying to reach a worktation which is located behind the inside interface of the firewall from the outside then you also need to have a static NAT command i.e
static (inside,outside) Public-IP Private-IP netmak 255.255.255.255
Where Public-IP is the routable IP address that people from the internet will need to know in order to reach your web server.
Private-IP is the real IP address allocated to your server.
The access-list applied to the OUTSIDE interface should look something like this
access-list Outside-In permit tcp any host Public-IP eq 80
access-group Outside-In in interface outside
I hope it helps ... please rate it if it does !!!
11-09-2007 06:22 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: