Learn how to a build a cloud-first strategyRegister Now


Cannot access Backup interface from inside

Posted on 2008-11-17
Medium Priority
Last Modified: 2012-05-05
When pointing to our Webdefense proxy (port 3178) on backup interface our packets are blocd:

static (inside,backup) netmask
match ip inside host backup any
static translation to
translate_hits = 1020, untranslate_hits = 2595
Question by:snchelpdesk
  • 2
LVL 57

Expert Comment

by:Pete Long
ID: 22985595
Im confused -  whats blocked? you have no outgoing web trafiic?

Author Comment

ID: 22985741
Sorry for the confusion,  we recently switched from a Netgear router that was configure to allow access to an external web defense proxy via port 3128.  With the new ASA setup the traffic seems to be blocked - the only rule I could find to allow hasn't worked:

object-group service Common tcp
 group-object RDP
 group-object TimeClock
 group-object rww
 port-object eq 3128
 port-object eq www
 port-object eq https
 port-object eq pptp
 port-object eq 1471

access-list backup_access_in extended permit tcp any host log errors
access-list backup_access_in extended permit tcp
access-list backup_access_in extended permit udp
access-list backup_access_in extended permit tcp any host object-group Common log critical


Accepted Solution

donaldchapell earned 1500 total points
ID: 22988761
I would take nat-control off, I have had nightmares trying to use that.

Author Closing Comment

ID: 31519454
I dropped nat-control but my is dependent on it.  I have resolved the issue by setting up a dns entry to the local interface of the server hosting the web defense access.  Off to find an easy way to monitor the ASA traffic - I have another application that wants RPC...  Thank you for your assist.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month20 days, 19 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question