blin2000
asked on
Can’t access our website from the LAN
We just added a Cisco ASA5510 to protect our network. Every thing works except no one in the LAN can access our imail we site. The web site points to one of our public IP, x.x.x.35 (we can access the web site from outside and we just can’t do the same inside after adding the ASA). Is it possible the inside computers can access our web site using the public IP address? If not, my another option is to setup a DNS record pointing to the web site, for example 192.168.0.213 = www.chicagotech.net (our network domain name is chicagotech.local)?. I can’t figure out how to do that. Any suggestions?
Here is the Cisco ASA configuration.
ASA Version 7.0(5)
!
hostname ciscoasa
domain-name default.domain.invalid
names
dns-guard
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address x.x.x.38 255.255.255.248
!
interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.0.250 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
no ip address
management-only
!
ftp mode passive
access-list out_to_inside extended permit tcp any host x.x.x.34 eq www
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8080
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8383
access-list out_to_inside extended permit tcp any host x.x.x.35 eq www
access-list out_to_inside extended permit tcp any host x.x.x.34 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.34 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 13001
access-list out_to_inside extended permit tcp any host x.x.x.35 eq 13001
access-list out_to_inside extended permit tcp any host x.x.x.35 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.35 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.35 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.35 eq 8383
pager lines 24
logging asdm informational
mtu management 1500
mtu Inside 1500
mtu Outside 1500
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (management) 10 0.0.0.0 0.0.0.0
nat (Inside) 10 0.0.0.0 0.0.0.0
static (Inside,Outside) x.x.x.34 192.168.0.213 netmask 255.255.255.255
static (Inside,Outside) x.x.x.35 192.168.0.112 netmask 255.255.255.255
access-group out_to_inside in interface Outside
route Outside 0.0.0.0 0.0.0.0 x.x.x.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
Here is the Cisco ASA configuration.
ASA Version 7.0(5)
!
hostname ciscoasa
domain-name default.domain.invalid
names
dns-guard
!
interface Ethernet0/0
nameif Outside
security-level 0
ip address x.x.x.38 255.255.255.248
!
interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.0.250 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif management
security-level 100
no ip address
management-only
!
ftp mode passive
access-list out_to_inside extended permit tcp any host x.x.x.34 eq www
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8080
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8383
access-list out_to_inside extended permit tcp any host x.x.x.35 eq www
access-list out_to_inside extended permit tcp any host x.x.x.34 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.34 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 13001
access-list out_to_inside extended permit tcp any host x.x.x.35 eq 13001
access-list out_to_inside extended permit tcp any host x.x.x.35 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.35 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.35 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.35 eq 8383
pager lines 24
logging asdm informational
mtu management 1500
mtu Inside 1500
mtu Outside 1500
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (management) 10 0.0.0.0 0.0.0.0
nat (Inside) 10 0.0.0.0 0.0.0.0
static (Inside,Outside) x.x.x.34 192.168.0.213 netmask 255.255.255.255
static (Inside,Outside) x.x.x.35 192.168.0.112 netmask 255.255.255.255
access-group out_to_inside in interface Outside
route Outside 0.0.0.0 0.0.0.0 x.x.x.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you. That works.
ASKER
The issue now is how I create the A record because the our network domain name and web domain name are different. Do you mean CNAME?