| Author |
Message |
Guest
|
Posted: Fri Oct 12, 2007 12:19 am Post subject: How to allow access through Cisco ASA |
|
|
Can someone help me with this.
We have an ASA doing NAT for our network. We have a webserver on our
network.
Let's say the IP address for the wan port on the ASA is
206.123.123.123. When I am on the network, I can't seem to access the
webserver by going to http://206.123.123.123. If however I am on my
home network and on the internet, I can access the webserver
http://206.123.123.123.
The port 80 forwarding rule is in place and works fine.
So you see, for some reason, the ASA is blocking me when I am going
out through it and back in. |
|
Anthony Guest
|
Posted: Fri Oct 12, 2007 1:27 pm Post subject: Re: How to allow access through Cisco ASA |
|
|
test
adepaolis@gmail.com wrote:
| Quote: | Can someone help me with this.
We have an ASA doing NAT for our network. We have a webserver on our
network.
Let's say the IP address for the wan port on the ASA is
206.123.123.123. When I am on the network, I can't seem to access the
webserver by going to http://206.123.123.123. If however I am on my
home network and on the internet, I can access the webserver
http://206.123.123.123.
The port 80 forwarding rule is in place and works fine.
So you see, for some reason, the ASA is blocking me when I am going
out through it and back in.
|
|
|
Anthony Guest
|
Posted: Fri Oct 12, 2007 1:42 pm Post subject: Re: How to allow access through Cisco ASA |
|
|
Sorry about the last post, been having problems.
Anyhow.
You say you allow port 80 forwarding, huh? I guess the correct term
would be a static NAT NAT'ing your public to a private IP.
I think the correct statement would be:
static (inside,outside) 206.123.123.123 <private.web.server.ip> netmask 255.255.255.255 0 0
Then you'd need an access-list allowing the traffic.
access-list outside-in permit tcp any host 206.123.123.123 eq http
Obviously, you'll need to use the correct names and IP which you use.
I'm not very experienced, so others might provide more info, or correct
any mistakes.
Cheers,
Anthony
adepaolis@gmail.com wrote:
| Quote: | Can someone help me with this.
We have an ASA doing NAT for our network. We have a webserver on our
network.
Let's say the IP address for the wan port on the ASA is
206.123.123.123. When I am on the network, I can't seem to access the
webserver by going to http://206.123.123.123. If however I am on my
home network and on the internet, I can access the webserver
http://206.123.123.123.
The port 80 forwarding rule is in place and works fine.
So you see, for some reason, the ASA is blocking me when I am going
out through it and back in.
|
|
|
Guest
|
Posted: Fri Oct 12, 2007 11:34 pm Post subject: Re: How to allow access through Cisco ASA |
|
|
This is what I have, I changed
access-list OutsideISP_access_in extended permit tcp any interface OutsideISP eq https
access-list OutsideISP_access_in extended permit tcp any host 206.xxx.xxx.xxx eq www
access-list OutsideISP_pnat_inbound extended permit tcp interface OutsideISP eq https interface InsideStaff eq https
static (InsideStaff,OutsideISP) tcp interface https 10.55.5.11 https netmask 255.255.255.255
10.55.5.11 can be reached from the internet when I go to http://206.xxx.xxx.xxx,
however, when I am on the 10.55.5.x local network and try to visit
http://206.123.123.123 it doesn't work.
Is there a way to make it work?
On Oct 12, 4:42 am, Anthony <ant.robin...@gmail.com> wrote:
| Quote: | Sorry about the last post, been having problems.
Anyhow.
You say you allow port 80 forwarding, huh? I guess the correct term
would be a static NAT NAT'ing your public to a private IP.
I think the correct statement would be:
static (inside,outside) 206.123.123.123 <private.web.server.ip> netmask 255.255.255.255 0 0
Then you'd need an access-list allowing the traffic.
access-list outside-in permit tcp any host 206.123.123.123 eq http
Obviously, you'll need to use the correct names and IP which you use.
I'm not very experienced, so others might provide more info, or correct
any mistakes.
Cheers,
Anthony
adepao...@gmail.com wrote:
Can someone help me with this.
We have an ASA doing NAT for our network. We have a webserver on our
network.
Let's say the IP address for the wan port on the ASA is
206.123.123.123. When I am on the network, I can't seem to access the
webserver by going to http://206.123.123.123. If however I am on my
home network and on the internet, I can access the webserver
http://206.123.123.123.
The port 80 forwarding rule is in place and works fine.
So you see, for some reason, the ASA is blocking me when I am going
out through it and back in. |
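Added example, not part of any poster's message: a small Python audit of the pairing discussed in this thread, where each `static` port forward on the outside interface needs a matching `access-list` permit. The sample config is constructed from the lines posted above, with 206.123.123.123 standing in for the masked address; the function names and the premise that the ACL is applied inbound on OutsideISP are assumptions of this example.

```python
import re

# Port keywords that appear in the thread, normalised to numbers.
PORTS = {"www": 80, "http": 80, "https": 443}

STATIC_RE = re.compile(
    r"^static \((?P<real_if>\S+),(?P<mapped_if>\S+)\) (?P<proto>tcp|udp) "
    r"(?P<mapped_ip>\S+) (?P<mapped_port>\S+) (?P<real_ip>\S+) (?P<real_port>\S+)")
ACL_RE = re.compile(
    r"^access-list (?P<name>\S+) extended permit (?P<proto>tcp|udp) any "
    r"(?:interface (?P<ifc>\S+)|host (?P<host>\S+)) eq (?P<port>\S+)")

# Constructed sample, modelled on the config posted in the thread.
SAMPLE = """\
access-list OutsideISP_access_in extended permit tcp any interface OutsideISP eq https
access-list OutsideISP_access_in extended permit tcp any host 206.123.123.123 eq www
static (InsideStaff,OutsideISP) tcp interface https 10.55.5.11 https netmask 255.255.255.255
"""

def port(tok):
    """Turn a port keyword or a numeric string into a port number."""
    return PORTS[tok] if tok in PORTS else int(tok)

def audit(config, outside_if, outside_ip):
    """Return (forwarded_and_permitted, permits_without_static, statics_without_permit).

    Each entry is (proto, public_ip, port). The keyword 'interface' is resolved
    to outside_ip so that interface-based and host-based lines compare equal.
    """
    statics, permits = set(), set()
    for line in config.splitlines():
        line = line.strip()
        m = STATIC_RE.match(line)
        if m and m["mapped_if"] == outside_if:
            ip = outside_ip if m["mapped_ip"] == "interface" else m["mapped_ip"]
            statics.add((m["proto"], ip, port(m["mapped_port"])))
            continue
        m = ACL_RE.match(line)
        if m and (m["ifc"] is None or m["ifc"] == outside_if):
            ip = outside_ip if m["ifc"] else m["host"]
            permits.add((m["proto"], ip, port(m["port"])))
    return sorted(statics & permits), sorted(permits - statics), sorted(statics - permits)

if __name__ == "__main__":
    ok, no_static, no_permit = audit(SAMPLE, "OutsideISP", "206.123.123.123")
    print("forwarded and permitted:", ok)
    print("permitted, no static   :", no_static)
    print("static, no permit      :", no_permit)
```

On the sample, the https forward is both translated and permitted, while the `eq www` permit has no port-80 `static` behind it in the lines shown.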
Scott Perry Guest
|
Posted: Mon Oct 15, 2007 11:20 pm Post subject: Re: How to allow access through Cisco ASA |
|
|
When using a Cisco PIX or ASA firewall, you cannot reach the configured IP
address of the outside interface from the inside of the firewall. You also
cannot reach the configured IP address of the inside interface from the outside
of the firewall. It just does not work.
In cases such as this, if I am understanding the limited explanation that
you provided, the internal DNS server resolves to the true IP address of the
web server and the external DNS server resolves to the outside global NAT IP
address on the firewall.
--
===========
Scott Perry
===========
Indianapolis, Indiana
________________________________________
"Anthony" <ant.robinson@gmail.com> wrote in message
news:13guc08gvuj1ad6@corp.supernews.com...
| Quote: | test
adepaolis@gmail.com wrote:
Can someone help me with this.
We have an ASA doing NAT for our network. We have a webserver on our
network.
Let's say the IP address for the wan port on the ASA is
206.123.123.123. When I am on the network, I can't seem to access the
webserver by going to http://206.123.123.123. If however I am on my
home network and on the internet, I can access the webserver
http://206.123.123.123.
The port 80 forwarding rule is in place and works fine.
So you see, for some reason, the ASA is blocking me when I am going
out through it and back in.
|
|
|