Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cannot access Backup interface from inside

Posted on 2008-11-17
4
Medium Priority
?
209 Views
Last Modified: 2012-05-05
When pointing to our Webdefense proxy (port 3178) on backup interface 64.2.113.132 our packets are blocd:

Config
static (inside,backup) 64.2.113.132 192.168.10.12 netmask 255.255.255.255
nat-control
match ip inside host 192.168.10.12 backup any
static translation to 64.2.113.132
translate_hits = 1020, untranslate_hits = 2595
ASA-111608a-config.txt
0
Comment
Question by:snchelpdesk
  • 2
4 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 22985595
Im confused -  whats blocked? you have no outgoing web trafiic?
0
 

Author Comment

by:snchelpdesk
ID: 22985741
Sorry for the confusion,  we recently switched from a Netgear router that was configure to allow access to an external web defense proxy via port 3128.  With the new ASA setup the traffic seems to be blocked - the only rule I could find to allow hasn't worked:

object-group service Common tcp
 group-object RDP
 group-object TimeClock
 group-object rww
 port-object eq 3128
 port-object eq www
 port-object eq https
 port-object eq pptp
 port-object eq 1471

access-list backup_access_in extended permit tcp any host 64.2.113.130 log errors
access-list backup_access_in extended permit tcp 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list backup_access_in extended permit udp 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list backup_access_in extended permit tcp any host 64.2.113.132 object-group Common log critical

ASA-111708-config.txt
0
 
LVL 1

Accepted Solution

by:
donaldchapell earned 1500 total points
ID: 22988761
I would take nat-control off, I have had nightmares trying to use that.
0
 

Author Closing Comment

by:snchelpdesk
ID: 31519454
I dropped nat-control but my is dependent on it.  I have resolved the issue by setting up a dns entry to the local interface of the server hosting the web defense access.  Off to find an easy way to monitor the ASA traffic - I have another application that wants RPC...  Thank you for your assist.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month20 days, 19 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question