I have two offices in different cities. I'm trying to use an external IP address from an Internet circuit in city A to connect to a website hosted on a server in city B. City A and city B are connected through a P2P T1 WAN line and they are on different subnets.
I have set up the static NAT translation on the firewall in city A to point to the correct IP of the website in city B, and added the IP to my access-list for port 80 access.
When I try to access the site by external IP it times out, but I see the access-list statement increment, so I know it's being activated. I can open the website internally from either city. I can also ping from the firewall in city A to the website in city B successfully. Is there any way for me to get this to work?
I understand that this may sound trivial, but have you tried to add the reverse in the ACL for traffic back from city B?
permit tcp 10.10.10.0 0.0.0.255 host 184.108.40.206 eq 80
permit tcp host 220.127.116.11 10.10.10.0 0.0.0.255 eq 80
I am not saying this will work but I have had to do this in the past.
I'm a bit embarrassed to say I'm not sure how to do that. I tried viewing the real time log in the ASDM but it didn't give me any useful information.
No need to be embarrassed; this is the point of the forums, to help each other along. There are a lot of smart people on here willing to assist.
I am one of the new guys still learning.
ping (remote ip)
debug ip packet detail
This will give you a lot of info, so you will need to look through the logs. You are looking to see if the ICMP made it out and what is responding back, if anything. This will help narrow down which side, or what part of the ACL, is having the issue.
******DON'T FORGET to do undebug all before you check your logs!!!!!