• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 423
  • Last Modified:

Accessing internal device via NAT & Access List

I have setup an outside connection but am being denied...  I don't see what is causing the denial.

Deny tcp src outside:XX.XX.XX.210/37537 dst inside:204.16.20.88/80 by access-group "outside" [0x0, 0x0]

Pertinent access list, Static, & nat entries:
access-list outside extended permit tcp any host 192.168.10.16 eq www
access-list split standard permit 192.168.10.0 255.255.255.0
access-list nonat extended permit ip any 192.168.10.0 255.255.255.0
access-list nonat extended permit ip any 192.168.10.192 255.255.255.192

nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) 204.16.20.86 192.168.10.10 netmask 255.255.255.255
static (inside,outside) 204.16.20.88 192.168.10.16 netmask 255.255.255.255
access-group outside in interface outside

Attaching full running config as well.

ASA-111008-config.txt
0
snchelpdesk
Asked:
snchelpdesk
  • 2
  • 2
1 Solution
 
JFrederick29Commented:
You need to specify the external IP address in the access-list.

conf t
access-list outside extended permit tcp any host 204.16.20.88 eq www
no access-list outside extended permit tcp any host 192.168.10.16 eq www
0
 
snchelpdeskAuthor Commented:
Thank you - all good!
0
 
JFrederick29Commented:
Excellent.  All set to close out this question?
0
 
snchelpdeskAuthor Commented:
Thanks again - I thought I did close this out so good thing you reminded me.

Dave
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now