Cannot access Backup interface from inside

Posted on 2008-11-17
Last Modified: 2012-05-05
When pointing to our Webdefense proxy (port 3178) on backup interface our packets are blocd:

static (inside,backup) netmask
match ip inside host backup any
static translation to
translate_hits = 1020, untranslate_hits = 2595
Question by:snchelpdesk
    LVL 57

    Expert Comment

    by:Pete Long
    Im confused -  whats blocked? you have no outgoing web trafiic?

    Author Comment

    Sorry for the confusion,  we recently switched from a Netgear router that was configure to allow access to an external web defense proxy via port 3128.  With the new ASA setup the traffic seems to be blocked - the only rule I could find to allow hasn't worked:

    object-group service Common tcp
     group-object RDP
     group-object TimeClock
     group-object rww
     port-object eq 3128
     port-object eq www
     port-object eq https
     port-object eq pptp
     port-object eq 1471

    access-list backup_access_in extended permit tcp any host log errors
    access-list backup_access_in extended permit tcp
    access-list backup_access_in extended permit udp
    access-list backup_access_in extended permit tcp any host object-group Common log critical

    LVL 1

    Accepted Solution

    I would take nat-control off, I have had nightmares trying to use that.

    Author Closing Comment

    I dropped nat-control but my is dependent on it.  I have resolved the issue by setting up a dns entry to the local interface of the server hosting the web defense access.  Off to find an easy way to monitor the ASA traffic - I have another application that wants RPC...  Thank you for your assist.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    How to configure Site to Site VPN on a Cisco ASA.     (version: 1.1 - updated August 6, 2009) Index          [Preface]   1.    [Introduction]   2.    [The situation]   3.    [Getting started]   4.    [Interesting traffic]   5.    [NAT0]   6.…
    When I upgraded my ASA 8.2 to 8.3, I realized that my nonat statement was failing!   The log showed the following error:     %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows It was caused by the config upgrade, because t…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now