• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 443
  • Last Modified:

Accessing internal device via NAT & Access List

I have setup an outside connection but am being denied...  I don't see what is causing the denial.

Deny tcp src outside:XX.XX.XX.210/37537 dst inside:204.16.20.88/80 by access-group "outside" [0x0, 0x0]

Pertinent access list, Static, & nat entries:
access-list outside extended permit tcp any host 192.168.10.16 eq www
access-list split standard permit 192.168.10.0 255.255.255.0
access-list nonat extended permit ip any 192.168.10.0 255.255.255.0
access-list nonat extended permit ip any 192.168.10.192 255.255.255.192

nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 204.16.20.86 192.168.10.10 netmask 255.255.255.255
static (inside,outside) 204.16.20.88 192.168.10.16 netmask 255.255.255.255
access-group outside in interface outside

Attaching full running config as well.

ASA-111008-config.txt
0
snchelpdesk
Asked:
snchelpdesk
  • 2
  • 2
1 Solution
 
JFrederick29Commented:
You need to specify the external IP address in the access-list.

conf t
access-list outside extended permit tcp any host 204.16.20.88 eq www
no access-list outside extended permit tcp any host 192.168.10.16 eq www
0
 
snchelpdeskAuthor Commented:
Thank you - all good!
0
 
JFrederick29Commented:
Excellent.  All set to close out this question?
0
 
snchelpdeskAuthor Commented:
Thanks again - I thought I did close this out so good thing you reminded me.

Dave
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now