Question

NAT on CISCO ASA 5510

Asked by: jeremymjackson

I have a CISCO ASA 5510 that is firewalling and NATing for our network. We have three DMZ servers on the DMZ interface of this ASA that host websites. SRWEB08 hosts corporate web, SRES01 hosts OWA for Exchange, SRHD01 hosts helpdesk web. Each of these sites works great from the inside of the network. Only SRWEB08 and SRES01 work from outside the network. The site on SRHD01 times out after approximately 5 minutes.

: Saved
:
ASA Version 8.0(3) 
!
hostname YODA
enable password XXXXXXXXXXXXXXXXXXXXX encrypted
multicast-routing
names
name 172.31.0.0 DMZ
name 172.16.0.0 PRODUCTION
name 172.30.0.0 VPN
name 172.31.3.33 SPF01
name 172.31.3.34 SRES01
name 172.31.3.40 SRHD01
name 172.31.3.13 SRNASFTP
name 172.31.3.36 SRRA01
name 172.31.3.6 SRTS02
name 172.30.1.0 VPN_SUBNET
name 192.192.192.0 PRODUCTION_WORKSTATIONS_GENERAL
name 192.192.191.0 PRODUCTION_WORKSTATIONS_OPS
name 172.17.0.0 QALAB
name 172.31.3.44 SRBES01
name 172.31.3.51 SRWEB08
name 172.16.3.15 XSTORE1
name 172.31.3.35 SRSQLSB01
name 10.1.1.0 INternal description internal network
name 172.31.3.10 SRPBX01
!
interface Ethernet0/0
 description CONNECTION_TO_LUKE
 nameif INSIDE
 security-level 100
 ip address 10.1.1.6 255.255.255.252 
!
interface Ethernet0/1
 description CONNECTION_TO_DMZ
 nameif DMZ
 security-level 50
 ip address 172.31.1.1 255.255.0.0 
!
interface Ethernet0/2
 description CONNECTION_TO_CSC-SSM
 nameif CSC-SSM
 security-level 0
 ip address 10.3.1.1 255.255.255.252 
!
interface Ethernet0/3
 description CONNECTION_TO_VADER
 nameif OUTSIDE
 security-level 0
 ip address 10.1.1.9 255.255.255.252 
!
interface Management0/0
 description MANAGEMENT
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
passwd xxxxxxxxxxxxxx encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup INSIDE
dns domain-lookup DMZ
dns domain-lookup CSC-SSM
dns domain-lookup OUTSIDE
dns server-group DNS_SERVERS
 name-server 172.16.3.1
 name-server 172.16.3.3
 domain-name xxxx.xxxxxxxxxxxxx.com
dns-group DNS_SERVERS
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
object-group network VPNPOOL
 network-object VPN_SUBNET 255.255.255.0
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service dhcp tcp-udp
 port-object range 67 68
object-group service VPN tcp-udp
 port-object eq 500
 port-object eq 10000
 port-object eq 7777
object-group service DM_INLINE_TCP_2 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_SERVICE_1
 service-object gre 
 service-object esp 
 service-object udp eq isakmp 
 service-object ah 
object-group service DM_INLINE_SERVICE_2
 service-object gre 
 service-object esp 
 service-object udp eq isakmp 
 service-object ah 
object-group network DM_INLINE_NETWORK_7
 network-object PRODUCTION 255.255.0.0
 network-object VPN_SUBNET 255.255.255.0
object-group service ALTIGEN_TCP tcp
 port-object range 10025 10050
 port-object eq 10064
 port-object range 49152 49220
 port-object eq 69
 port-object eq h323
object-group service ALTIGEN_UDP udp
 port-object eq 10060
 port-object range 49152 49220
 port-object eq sip
object-group network INTERNAL_INSPECT_ADDRESSES
 network-object PRODUCTION_WORKSTATIONS_OPS 255.255.255.0
 network-object PRODUCTION_WORKSTATIONS_GENERAL 255.255.255.0
object-group service DM_INLINE_TCP_3 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_4 tcp
 port-object eq www
 port-object eq https
object-group service SMTP_ALL tcp
 port-object eq 587
 port-object eq smtp
object-group network DM_INLINE_NETWORK_5
 network-object host SRES01
 network-object host SRWEB08
object-group service DM_INLINE_TCP_5 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_6 tcp
 port-object eq ftp
 port-object eq ftp-data
 port-object eq www
 port-object eq https
object-group service DM_INLINE_SERVICE_3
 service-object tcp-udp eq www 
 service-object tcp eq www 
 service-object tcp eq https 
object-group service DM_INLINE_TCPUDP_1 tcp-udp
 port-object eq domain
 port-object eq kerberos
object-group service DM_INLINE_SERVICE_4
 service-object tcp eq 135 
 service-object tcp eq 137 
 service-object tcp eq 3268 
 service-object tcp eq 445 
 service-object tcp eq 88 
 service-object tcp eq ldap 
 service-object udp eq 389 
 service-object udp eq netbios-ns 
object-group service DM_INLINE_SERVICE_5
 service-object tcp eq www 
 service-object udp eq ntp 
object-group service UDP6001-6194 udp
 port-object range 6004 6194
object-group service DM_INLINE_TCP_7 tcp
 port-object eq ftp
 port-object eq ftp-data
object-group service DM_INLINE_TCP_8 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_9 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_10 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_11 tcp
 port-object eq www
 port-object eq https
object-group service DM_INLINE_TCP_12 tcp
 port-object eq www
 port-object eq https
object-group network SMTP_ALLOWED
 network-object host JJACKSON
object-group service DM_INLINE_TCP_13 tcp
 port-object eq www
 port-object eq https
access-list OUTSIDE_access_in extended deny ip any host XSTORE1 log debugging 
access-list OUTSIDE_access_in extended deny ip any host 172.17.1.29 log debugging 
access-list OUTSIDE_access_in extended permit ip any any 
access-list OUTSIDE_access_in remark ALLOW VPN SUBNET ANYWHERE
access-list OUTSIDE_access_in extended permit ip VPN_SUBNET 255.255.255.0 any 
access-list OUTSIDE_access_in remark ALLOW HTTP/HTTPS ACCESS FROM ANYWHERE TO NAT TO SRWEB08
access-list OUTSIDE_access_in extended permit tcp any host 111.111.111.2 object-group DM_INLINE_TCP_5 
access-list OUTSIDE_access_in remark ALLOW FTP ACCESS FROM ANYWHERE TO NAT TO SRNASFTP
access-list OUTSIDE_access_in extended permit tcp any host 111.111.111.3 object-group DM_INLINE_TCP_6 
access-list OUTSIDE_access_in remark ALLOW VPN ACCESS FROM ANYWHERE
access-list OUTSIDE_access_in extended permit object-group TCPUDP any host 111.111.111.10 object-group VPN 
access-list OUTSIDE_access_in extended permit tcp any host 111.111.111.2 object-group SMTP_ALL 
access-list OUTSIDE_access_in extended permit tcp any host 111.111.111.13 object-group DM_INLINE_TCP_8 
access-list OUTSIDE_access_in extended permit tcp any host 111.111.111.4 object-group DM_INLINE_TCP_11 
access-list OUTSIDE_access_in extended permit tcp any host 111.111.111.5 object-group DM_INLINE_TCP_13 
access-list OUTSIDE_access_in extended permit tcp any host SRSQLSB01 object-group DM_INLINE_TCP_9 
access-list OUTSIDE_access_in extended permit tcp any host SRES01 object-group DM_INLINE_TCP_3 
access-list OUTSIDE_access_in extended permit tcp any host SRHD01 object-group DM_INLINE_TCP_10 
access-list OUTSIDE_access_in extended permit tcp any host SRWEB08 object-group DM_INLINE_TCP_4 
access-list OUTSIDE_access_in extended permit tcp any host SPF01 object-group SMTP_ALL 
access-list OUTSIDE_access_in extended permit tcp any host SRNASFTP object-group DM_INLINE_TCP_7 
access-list OUTSIDE_access_in extended permit icmp any any inactive 
access-list OUTSIDE_access_in extended permit object-group TCPUDP any any object-group VPN 
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_2 any any 
access-list OUTSIDE_access_in extended deny ip any any log debugging 
access-list INSIDE_access_in extended permit tcp any host SRES01 eq smtp 
access-list INSIDE_access_in extended deny tcp any any eq smtp 
access-list INSIDE_access_in extended permit udp any any eq sip log debugging 
access-list INSIDE_access_in extended permit icmp any any 
access-list INSIDE_access_in extended permit object-group TCPUDP any any log debugging 
access-list INSIDE_access_in extended permit object-group TCPUDP any any object-group VPN 
access-list INSIDE_access_in extended permit object-group DM_INLINE_SERVICE_1 any any 
access-list INSIDE_access_in extended permit ip object-group DM_INLINE_NETWORK_7 DMZ 255.255.0.0 
access-list INSIDE_nat0_outbound extended permit ip any 10.3.1.0 255.255.255.252 
access-list global_mpc extended permit tcp object-group INTERNAL_INSPECT_ADDRESSES any object-group DM_INLINE_TCP_1 inactive 
access-list DRXDRX_splitTunnelAcl standard permit PRODUCTION 255.255.0.0 
access-list DRXDRX_splitTunnelAcl standard permit DMZ 255.255.0.0 
access-list DRXDRX_splitTunnelAcl standard permit VPN_SUBNET 255.255.255.0 
access-list DRXDRX_splitTunnelAcl standard permit QALAB 255.255.0.0 
access-list inside_nat0_outbound extended permit ip PRODUCTION 255.255.0.0 VPN_SUBNET 255.255.255.0 
access-list inside_nat0_outbound extended permit ip 10.1.1.4 255.255.255.252 10.3.1.0 255.255.255.252 
access-list inside_nat0_outbound extended permit ip any DMZ 255.255.0.0 
access-list inside_nat0_outbound extended permit ip VERIZON_NETS 255.255.255.248 10.1.1.8 255.255.255.252 
access-list inside_nat0_outbound extended permit ip 172.0.0.0 255.0.0.0 10.0.0.0 255.0.0.0 
access-list outside_cryptomap extended permit ip any VPN_SUBNET 255.255.255.0 
access-list outside_cryptomap_20.20 extended permit ip any object-group VPNPOOL 
access-list OUTSIDE_nat0_outbound extended permit ip any VERIZON_NETS 255.255.255.248 
access-list OUTSIDE_nat0_outbound extended permit ip 10.1.1.8 255.255.255.252 any 
access-list OUTSIDE_nat0_outbound extended permit ip VPN_SUBNET 255.255.255.0 DMZ 255.255.0.0 
access-list DMZ_nat0_outbound extended permit ip DMZ 255.255.0.0 PRODUCTION 255.255.0.0 
access-list DMZ_nat0_outbound extended permit ip DMZ 255.255.0.0 VPN_SUBNET 255.255.255.0 
access-list DMZ_access_in extended permit ip DMZ 255.255.0.0 VPN_SUBNET 255.255.255.0 log 
access-list DMZ_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any eq smtp log debugging 
access-list DMZ_access_in extended deny tcp any any eq smtp log debugging 
access-list DMZ_access_in extended permit tcp host SRHD01 any object-group DM_INLINE_TCP_12 log debugging 
access-list DMZ_access_in remark ALLOW SRES01 SMTP ACCESS ANYWHERE
access-list DMZ_access_in extended permit tcp host SRES01 any eq smtp log inactive 
access-list DMZ_access_in extended permit ip DMZ 255.255.0.0 any 
access-list DMZ_access_in extended permit ip host SRSQLSB01 any log debugging 
access-list DMZ_access_in remark ALLOW ANYTHING FROM DMZ TO VPN_SUBNET
access-list DMZ_access_in remark ALLOW DHCP REQUESTS FROM DMZ TO PRODUCTION
access-list DMZ_access_in extended permit object-group TCPUDP DMZ 255.255.0.0 PRODUCTION 255.255.0.0 object-group dhcp log disable inactive 
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_5 host SPF01 any inactive 
access-list DMZ_access_in remark ALLOW SRES01 IP ACCESS ANYWHERE
access-list DMZ_access_in extended permit ip host SRES01 any log disable inactive 
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_4 DMZ 255.255.0.0 PRODUCTION 255.255.0.0 log disable inactive 
access-list DMZ_access_in remark ALOW DMZ DNS ACCESS ANYWHERE
access-list DMZ_access_in extended permit object-group TCPUDP DMZ 255.255.0.0 any object-group DM_INLINE_TCPUDP_1 log disable inactive 
access-list DMZ_access_in remark ALLOW SRES01 HTTP AND HTTPS ACCESS ANYWHERE
access-list DMZ_access_in extended permit object-group DM_INLINE_SERVICE_3 host SRES01 any log disable inactive 
access-list DMZ_access_in extended permit udp host SRES01 any object-group UDP6001-6194 inactive 
access-list DMZ_access_in extended permit udp host SRES01 any eq 1899 inactive 
access-list DMZ_access_in extended permit object-group TCPUDP host SRRA01 host 64.222.71.25 eq www inactive 
access-list DMZ_access_in extended permit tcp any DMZ 255.255.0.0 eq domain log disable inactive 
access-list DMZ_access_in extended permit object-group TCPUDP any host SRES01 eq www inactive 
access-list DMZ_access_in extended permit ip any host SRES01 inactive 
access-list DMZ_access_in remark DENY AND LOG
access-list DMZ_access_in extended deny ip any any log debugging 
access-list OUTSIDE_nat_static extended permit object-group TCPUDP host 111.111.111.10 object-group VPN any object-group VPN 
access-list acl-out extended permit object-group TCPUDP any object-group VPN host 111.111.111.10 object-group VPN 
access-list OUTSIDE_nat0_outbound_1 extended permit ip any host 111.111.111.14 
access-list CSC-SSM_access_in extended permit ip host 10.3.1.2 any 
access-list LAN2LAN_NAT0 extended permit ip PRODUCTION 255.255.0.0 object-group XXXXXXXXXX_SUBNETS 
access-list INSIDE_access_in_1 extended permit tcp any host SRES01 object-group SMTP_ALL log debugging 
access-list INSIDE_access_in_1 extended permit tcp object-group SMTP_ALLOWED any object-group SMTP_ALL log debugging 
access-list INSIDE_access_in_1 extended deny tcp any any object-group SMTP_ALL log debugging 
access-list INSIDE_access_in_1 extended permit ip any any 
access-list DMZ_access_out extended permit ip VPN_SUBNET 255.255.255.0 DMZ 255.255.0.0 
access-list DMZ_access_out extended permit ip any any log debugging 
access-list DMZ_access_out extended deny ip any any log debugging 
access-list OUTSIDE_access_in_1 extended permit ip host 10.1.1.10 any 
pager lines 24
logging enable
logging timestamp
logging monitor debugging
logging buffered debugging
logging trap debugging
logging asdm informational
logging mail informational
logging debug-trace
mtu INSIDE 1500
mtu DMZ 1500
mtu CSC-SSM 1500
mtu OUTSIDE 1500
mtu management 1500
ip local pool vpnpool VPN_SUBNET-172.30.1.254 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any INSIDE
icmp permit any DMZ
icmp permit any CSC-SSM
icmp permit any OUTSIDE
asdm image disk0:/asdm-611.bin
no asdm history enable
arp timeout 14400
global (OUTSIDE) 1 interface
nat (INSIDE) 0 access-list inside_nat0_outbound
nat (INSIDE) 1 INternal 255.255.255.0
nat (INSIDE) 1 PRODUCTION 255.255.0.0
nat (INSIDE) 1 QALAB 255.255.0.0
nat (DMZ) 0 access-list DMZ_nat0_outbound
nat (DMZ) 1 DMZ 255.255.0.0
nat (OUTSIDE) 0 access-list OUTSIDE_nat0_outbound
nat (OUTSIDE) 0 access-list OUTSIDE_nat0_outbound_1 outside
static (OUTSIDE,INSIDE) udp 10.1.1.4 sip 10.1.1.8 sip netmask 255.255.255.252 
static (DMZ,OUTSIDE) tcp 111.111.111.2 smtp SPF01 smtp netmask 255.255.255.255 
static (DMZ,OUTSIDE) tcp 111.111.111.3 www SRWEB08 www netmask 255.255.255.255 
static (DMZ,OUTSIDE) tcp 111.111.111.3 ftp-data SRNASFTP ftp-data netmask 255.255.255.255 
static (DMZ,OUTSIDE) tcp 111.111.111.3 ftp SRNASFTP ftp netmask 255.255.255.255 
static (DMZ,OUTSIDE) tcp 111.111.111.2 www SRES01 www netmask 255.255.255.255  norandomseq
static (DMZ,OUTSIDE) tcp 111.111.111.2 https SRES01 https netmask 255.255.255.255  norandomseq
static (DMZ,OUTSIDE) tcp 111.111.111.2 imap4 SRES01 imap4 netmask 255.255.255.255 
static (DMZ,OUTSIDE) tcp 111.111.111.5 www SRHD01 www netmask 255.255.255.255 
static (DMZ,OUTSIDE) tcp 111.111.111.5 https SRHD01 https netmask 255.255.255.255 
static (DMZ,OUTSIDE) tcp 111.111.111.13 https SRSQLSB01 https netmask 255.255.255.255 
static (DMZ,OUTSIDE) tcp 111.111.111.13 www SRSQLSB01 www netmask 255.255.255.255 
access-group INSIDE_access_in_1 in interface INSIDE
access-group DMZ_access_in in interface DMZ
access-group DMZ_access_out out interface DMZ
access-group CSC-SSM_access_in in interface CSC-SSM
access-group OUTSIDE_access_in in interface OUTSIDE
!
router rip
 network 10.0.0.0
 network PRODUCTION
 network QALAB
 network 172.18.0.0
 network 172.19.0.0
 network 172.29.0.0
 network VPN
 network DMZ
 redistribute connected metric transparent
 version 2
!
route OUTSIDE 0.0.0.0 0.0.0.0 10.1.1.10 1
route INSIDE PRODUCTION 255.255.0.0 10.1.1.5 1
route DMZ DMZ 255.255.0.0 172.31.255.254 1
route INSIDE 192.168.169.0 255.255.255.0 10.1.1.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa-server MD_RAD_SVR-GRP protocol radius
aaa-server MD_RAD_SVR-GRP host 172.16.3.3
 key cisco
aaa-server MD_RAD_SVR_VPN protocol radius
aaa-server MD_RAD_SVR_VPN host 172.16.3.3
 key cisco
aaa authentication enable console MD_RAD_SVR-GRP LOCAL
aaa authentication http console MD_RAD_SVR-GRP LOCAL
aaa authentication serial console MD_RAD_SVR-GRP LOCAL
aaa authentication ssh console MD_RAD_SVR-GRP LOCAL
aaa authentication telnet console MD_RAD_SVR-GRP LOCAL
aaa authorization command LOCAL 
http server enable
http 192.168.1.0 255.255.255.0 management
http INternal 255.255.255.0 INSIDE
http PRODUCTION 255.255.0.0 INSIDE
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_20.20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface OUTSIDE
crypto isakmp identity address 
crypto isakmp enable CSC-SSM
crypto isakmp enable OUTSIDE
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet PRODUCTION 255.255.0.0 INSIDE
telnet 10.1.1.10 255.255.255.255 OUTSIDE
telnet timeout 5
console timeout 0
management-access INSIDE
dhcpd address 192.168.1.2-192.168.1.254 management
!
dhcprelay server 172.16.3.1 INSIDE
dhcprelay enable DMZ
dhcprelay timeout 60
vpn load-balancing 
 interface lbpublic CSC-SSM
 interface lbprivate CSC-SSM
threat-detection basic-threat
threat-detection statistics
tftp-server INSIDE 172.16.3.3 c:\tftp-root\
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol webvpn
group-policy DRXDRX internal
group-policy DRXDRX attributes
 dns-server value 172.16.3.1 172.16.3.3
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec svc 
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value DRXDRX_splitTunnelAcl
username admin password EzWnaLdExFoNnglv encrypted privilege 15
tunnel-group DRXDRX type remote-access
tunnel-group DRXDRX general-attributes
 address-pool vpnpool
 authentication-server-group MD_RAD_SVR_VPN LOCAL
 default-group-policy DRXDRX
tunnel-group DRXDRX ipsec-attributes
 pre-shared-key *
!
class-map global-class
 match access-list global_mpc
class-map INSPECTION_DEFAULT
 match default-inspection-traffic
!
!
policy-map global_policy
 class global-class
  csc fail-close
  inspect sip  
 class INSPECTION_DEFAULT
  inspect pptp 
  inspect ipsec-pass-thru 
  inspect sip  
  inspect ftp 
!
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context 
Cryptochecksum:64d40b67c73e5b36a9a8ab955f069a7b
: end
asdm image disk0:/asdm-611.bin
asdm location VERIZON_NETS 255.255.255.248 INSIDE
asdm location MPL911 255.255.255.0 INSIDE
asdm location PRODUCTION_WORKSTATIONS_OPS 255.255.255.0 INSIDE
asdm location QALAB 255.255.0.0 INSIDE
asdm location SRBES01 255.255.255.255 INSIDE
asdm location SRWEB08 255.255.255.255 INSIDE
asdm location XSTORE1 255.255.255.255 INSIDE
asdm location INternal 255.255.255.0 INSIDE
asdm location SRPBX01 255.255.255.255 INSIDE
no asdm history enable

                                  

This Question has been solved and asker verified.

Asked On: 2009-03-30 at 11:44:16
ID: 24278420
Tags: CISCO ASA 5510
Topics: Cisco PIX Firewall, Networking Hardware Firewalls, Enterprise Firewalls
Participating Experts: 1
Points: 500
Comments: 9


Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: JFrederick29 Posted on 2009-03-30 at 11:55:06 ID: 24021998

The ASA config looks okay.

Is 10.1.1.10 port filtering at all?  It is routing 111.111.111.5 to 10.1.1.9, right?

 

by: jeremymjackson Posted on 2009-03-30 at 12:05:39 ID: 24022110

The config on 10.1.1.10 is very basic.


Building configuration...
 
Current configuration : 6232 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VADER
!
boot-start-marker
boot-end-marker
!
logging buffered 16384
enable secret 5 XXXXXXXXXXXXXXXXXXX
enable password XXXXXXXXXX
!
no aaa new-model
dot11 syslog
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip domain name XXX.XXXXXXXXXXXX.com
ip name-server 172.16.3.1
ip name-server 4.2.2.2
!
multilink bundle-name authenticated
!
!
!
!
!
username admin privilege 15 password 0 XXXXXXXXXX
archive
 log config
  hidekeys
! 
!
!
!
ip ssh source-interface FastEthernet0/3/0
!
!
!
interface GigabitEthernet0/0
 description FIBER WAN CONNECTION$ETH-WAN$
 ip address 111.111.111.14 255.255.255.240
 ip access-group 103 in
 ip mask-reply
 no ip redirects
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description CABLE WAN CONNECTION$ETH-WAN$
 ip address 222.222.222.253 255.255.255.248
 ip access-group 103 in
 ip nat outside
 ip virtual-reassembly
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/2/0
 shutdown
!
interface FastEthernet0/2/1
 shutdown
!
interface FastEthernet0/2/2
 shutdown
!
interface FastEthernet0/2/3
 shutdown
!
interface FastEthernet0/3/0
 description CONNECTION TO YODA$ETH-LAN$
 ip address 10.1.1.10 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed auto
 no mop enabled
!
interface Vlan1
 no ip address
 shutdown
!
router rip
 version 2
 passive-interface GigabitEthernet0/0
 passive-interface GigabitEthernet0/1
 network 10.0.0.0
 network 172.16.0.0
 network 172.17.0.0
 network 172.18.0.0
 network 172.19.0.0
 network 172.29.0.0
 network 172.30.0.0
 network 172.31.0.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 111.111.111.1 permanent
ip route 111.111.111.2 255.255.255.255 10.1.1.9
ip route 111.111.111.3 255.255.255.255 10.1.1.9
ip route 111.111.111.4 255.255.255.255 10.1.1.9
ip route 111.111.111.5 255.255.255.255 10.1.1.9
ip route 111.111.111.6 255.255.255.255 10.1.1.9
ip route 111.111.111.7 255.255.255.255 10.1.1.9
ip route 111.111.111.8 255.255.255.255 10.1.1.9
ip route 111.111.111.9 255.255.255.255 10.1.1.9
ip route 111.111.111.10 255.255.255.255 10.1.1.9
ip route 111.111.111.11 255.255.255.255 10.1.1.9
ip route 111.111.111.12 255.255.255.255 10.1.1.9
ip route 111.111.111.13 255.255.255.255 10.1.1.9
!
!
ip http server
no ip http secure-server
ip nat pool FIBER_POOL 111.111.111.2 111.111.111.9 netmask 255.255.255.240
ip nat inside source list 1 pool FIBER_POOL overload
ip nat inside source static 10.1.1.9 111.111.111.10
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.1.1.8 0.0.0.3
access-list 1 permit 172.0.0.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 172.16.0.0 0.0.255.255
access-list 3 remark Auto generated by SDM Management Access feature
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 172.16.0.0 0.0.255.255
access-list 4 remark Auto generated by SDM Management Access feature
access-list 4 remark SDM_ACL Category=1
access-list 4 permit 172.16.0.0 0.0.255.255
access-list 5 remark Auto generated by SDM Management Access feature
access-list 5 remark SDM_ACL Category=1
access-list 5 permit 172.16.0.0 0.0.255.255
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark SDM_ACL Category=1
access-list 100 permit udp host 172.16.3.1 eq domain any
access-list 100 permit tcp 172.16.0.0 0.0.255.255 host 10.1.1.10 eq telnet
access-list 100 permit tcp 172.16.0.0 0.0.255.255 host 10.1.1.10 eq 22
access-list 100 permit tcp 172.16.0.0 0.0.255.255 host 10.1.1.10 eq www
access-list 100 permit tcp 172.16.0.0 0.0.255.255 host 10.1.1.10 eq 443
access-list 100 permit tcp 172.16.0.0 0.0.255.255 host 10.1.1.10 eq cmd
access-list 100 deny   tcp any host 10.1.1.10 eq telnet
access-list 100 deny   tcp any host 10.1.1.10 eq 22
access-list 100 deny   tcp any host 10.1.1.10 eq www
access-list 100 deny   tcp any host 10.1.1.10 eq 443
access-list 100 deny   tcp any host 10.1.1.10 eq cmd
access-list 100 deny   udp any host 10.1.1.10 eq snmp
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip host xxxxxxxxxxxx.1 any
access-list 101 permit ip host 222.222.222.250 any
access-list 101 permit ip 172.16.0.0 0.0.255.255 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp 172.16.0.0 0.0.255.255 host 10.1.1.10 eq telnet
access-list 102 permit tcp 172.16.0.0 0.0.255.255 host 10.1.1.10 eq 22
access-list 102 permit tcp 172.16.0.0 0.0.255.255 host 10.1.1.10 eq www
access-list 102 permit tcp 172.16.0.0 0.0.255.255 host 10.1.1.10 eq 443
access-list 102 permit tcp 172.16.0.0 0.0.255.255 host 10.1.1.10 eq cmd
access-list 102 deny   tcp any host 10.1.1.10 eq telnet
access-list 102 deny   tcp any host 10.1.1.10 eq 22
access-list 102 deny   tcp any host 10.1.1.10 eq www
access-list 102 deny   tcp any host 10.1.1.10 eq 443
access-list 102 deny   tcp any host 10.1.1.10 eq cmd
access-list 102 deny   udp any host 10.1.1.10 eq snmp
access-list 102 permit ip any any
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp host xxxxxxxxxxxxxx host 111.111.111.14 eq 22
access-list 103 permit tcp host 222.222.222.250 host 111.111.111.14 eq 22
access-list 103 deny   icmp any any
access-list 103 deny   tcp any host 111.111.111.14 eq telnet
access-list 103 deny   tcp any host 111.111.111.14 eq 22
access-list 103 deny   tcp any host 111.111.111.14 eq www
access-list 103 deny   tcp any host 111.111.111.14 eq 443
access-list 103 deny   tcp any host 111.111.111.14 eq cmd
access-list 103 deny   udp any host 111.111.111.14 eq snmp
access-list 103 permit ip any any
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 access-class 101 in
 password xxxxxxxxxxxx
 login local
 transport input telnet ssh
 transport output telnet ssh
!
scheduler allocate 20000 1000
!
end

 

by: JFrederick29 Posted on 2009-03-30 at 12:20:05 ID: 24022260

Have you tried connecting by IP address to rule out a DNS issue?

From a PC's command prompt on the Internet, does the following work:

telnet 111.111.111.5 80
telnet 111.111.111.5 443

 

by: jeremymjackson Posted on 2009-03-30 at 12:29:55 ID: 24022361

Just tried both tests:

Connecting by IP address yields the same results as connecting by name.  111.111.111.3 website pops up instantly, 111.111.111.5 times out after 5 minutes or so.   It appears like it's going to work because the webserver hosting the website that 111.111.111.5 points to has a redirect to a directory on that server and I can see the redirect happening in my browser.  This site and redirect works instantly from our internal network.

Connecting by telnet yields HTTP/1.1 400 bad request in command window.

 

by: JFrederick29 Posted on 2009-03-30 at 12:31:19 ID: 24022374

Hmm, the site isn't hard coded with the internal IP address is it?  What does it redirect to?

 

by: JFrederick29 Posted on 2009-03-30 at 12:32:09 ID: 24022386

By the way, the fact that you get an HTTP 400 message means 80 is open to the server so you can rule out the router and ASA config.  Seems like something with the website coding...
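The two checks suggested in the replies above (any HTTP reply, even a 400, proves the TCP path through the router and ASA; a redirect pointing at an internal address is the next suspect), as an added example that is not part of the original thread. The sample replies are constructed, 172.31.3.40 is SRHD01's DMZ address from the posted ASA config, and the function names are illustrative.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample replies, as they might be captured from outside the firewall.
SAMPLE_400 = b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/html\r\n\r\n<h1>Bad Request</h1>"
SAMPLE_302_INTERNAL = b"HTTP/1.1 302 Found\r\nLocation: http://172.31.3.40/home/\r\n\r\n"
SAMPLE_302_RELATIVE = b"HTTP/1.1 302 Found\r\nLocation: /home/\r\n\r\n"

def probe(host, port=80, timeout=5.0):
    """Send a bare request like the telnet test; return raw reply bytes or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.0\r\n\r\n")
            return s.recv(4096)
    except OSError:
        return None  # no TCP path: look at routing, NAT and ACLs

def internal_target(location):
    """True if a redirect target is a private IP or an unqualified hostname."""
    host = urlsplit(location).hostname
    if host is None:  # relative redirect such as /home/
        return False
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return "." not in host  # single-label name resolves only internally

def diagnose(raw):
    """Classify a raw HTTP reply (or None) captured from outside the firewall."""
    if not raw:
        return "no-response: check router/ASA path"
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = head[0].split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "non-http-reply: port answers but not a web server"
    status = int(parts[1])
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in head[1:] if ":" in line)}
    loc = headers.get("location", "")
    if 300 <= status < 400 and internal_target(loc):
        return f"path-ok, redirect to internal address: {loc}"
    return f"path-ok, server answered {status}: look at the site"
```

Running `diagnose(probe("111.111.111.5"))` from an outside host separates a firewall or NAT problem from a site problem in one step.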

 

by: jeremymjackson Posted on 2009-03-30 at 12:45:20 ID: 24022533

The default website in IIS redirects to a Virtual Directory below the default website.  For instance, entering www.111.com hits the default website and automatically gets me to www.111.com/home/.

 

by: JFrederick29 Posted on 2009-03-30 at 12:52:32 ID: 24022611

So, if you go direct to www.111.com/home/ does it make any difference?  Like I said, the ASA is fine but the issue appears to lie within the site setup.  Sorry, I don't even claim to be a web admin :-)

 

by: jeremymjackson Posted on 2009-04-08 at 08:36:57 ID: 31564474

No, it's still not working.

I think I have narrowed it down to a problem with the site itself as the other sites on this web server work fine.

Thanks,
